OWASP Cheat Sheet Series

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.

The cheat sheet series is the best project at OWASP. I use them almost weekly when I reference vulnerabilities for developers. It's one of the main reasons I have a membership. If you feel the guidance is starting to get stale, take a few minutes to make an update and submit a pull request.

These are based on limiting attackers to OWASP. This is also how the Argon2, scrypt, and bcrypt settings were picked. Well bcrypt is cost 9 (really like 8.05 but integers) to get it.

If you have seen OWASP old CSRF prevention cheat sheets, you can observe that a lot has changed in this newer version. One of the major changes is that the “Verifying same origin with standard headers” CSRF defense has been moved to the Defense in Depth section, whereas token based mitigation moved to.

60 cheat sheets available.

Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.

Authorization Testing Automation.

Authentication Cheat Sheet.

AJAX Security Cheat Sheet.

Attack Surface Analysis Cheat Sheet.

Access Control Cheat Sheet.

Abuse Case Cheat Sheet.

Bean Validation Cheat Sheet.

Content Security Policy Cheat Sheet.

Cross-Site Request Forgery Prevention Cheat Sheet.

Cryptographic Storage Cheat Sheet.

Choosing and Using Security Questions Cheat Sheet.

Clickjacking Defense Cheat Sheet.

C-Based Toolchain Hardening Cheat Sheet.

Credential Stuffing Prevention Cheat Sheet.

Cross Site Scripting Prevention Cheat Sheet.

C-Based Toolchain Hardening.

Deserialization Cheat Sheet.

DOM based XSS Prevention Cheat Sheet.

Denial of Service Cheat Sheet.

Docker Security Cheat Sheet.

DotNet Security Cheat Sheet.

Error Handling Cheat Sheet.

Forgot Password Cheat Sheet.

HTML5 Security Cheat Sheet.

HTTP Strict Transport Security Cheat Sheet.

Injection Prevention Cheat Sheet in Java.

Injection Prevention Cheat Sheet.

Insecure Direct Object Reference Prevention Cheat Sheet.

Input Validation Cheat Sheet.

JSON Web Token Cheat Sheet for Java.

JAAS Cheat Sheet.

Key Management Cheat Sheet.

LDAP Injection Prevention Cheat Sheet.

Logging Cheat Sheet.

Mass Assignment Cheat Sheet.

OS Command Injection Defense Cheat Sheet.

PHP Configuration Cheat Sheet.

Protect FileUpload Against Malicious File.

Password Storage Cheat Sheet.

Pinning Cheat Sheet.

Query Parameterization Cheat Sheet.

REST Assessment Cheat Sheet.

Ruby on Rails Cheatsheet.

REST Security Cheat Sheet.

SAML Security Cheat Sheet.

SQL Injection Prevention Cheat Sheet.

Session Management Cheat Sheet.

Securing Cascading Style Sheets Cheat Sheet.

Third Party Javascript Management Cheat Sheet.

Transport Layer Protection Cheat Sheet.

TLS Cipher String Cheat Sheet.

Threat Modeling Cheat Sheet.

Transaction Authorization Cheat Sheet.

User Privacy Protection Cheat Sheet.

Unvalidated Redirects and Forwards Cheat Sheet.

Virtual Patching Cheat Sheet.

Vulnerability Disclosure Cheat Sheet.

Web Service Security Cheat Sheet.

XML Security Cheat Sheet.

XML External Entity Prevention Cheat Sheet.

68 cheat sheets available.

Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.

Authentication Cheat Sheet.

AJAX Security Cheat Sheet.

Attack Surface Analysis Cheat Sheet.

Access Control Cheat Sheet.

Abuse Case Cheat Sheet.

Authorization Testing Automation Cheat Sheet.

Bean Validation Cheat Sheet.

Credential Stuffing Prevention Cheat Sheet.

Content Security Policy Cheat Sheet.

C-Based Toolchain Hardening Cheat Sheet.

Cryptographic Storage Cheat Sheet.

Clickjacking Defense Cheat Sheet.

Choosing and Using Security Questions Cheat Sheet.

Cross-Site Request Forgery Prevention Cheat Sheet.

Cross Site Scripting Prevention Cheat Sheet.

Deserialization Cheat Sheet.

Denial of Service Cheat Sheet.

Docker Security Cheat Sheet.

Database Security Cheat Sheet.

DOM based XSS Prevention Cheat Sheet.

DotNet Security Cheat Sheet.

Error Handling Cheat Sheet.

Forgot Password Cheat Sheet.

File Upload Cheat Sheet.

GraphQL Cheat Sheet.

HTML5 Security Cheat Sheet.

HTTP Strict Transport Security Cheat Sheet.

Injection Prevention Cheat Sheet.

Insecure Direct Object Reference Prevention Cheat Sheet.

Input Validation Cheat Sheet.

Injection Prevention in Java Cheat Sheet.

JSON Web Token for Java Cheat Sheet.

JAAS Cheat Sheet.

Kubernetes Security Cheat Sheet.

Key Management Cheat Sheet.

LDAP Injection Prevention Cheat Sheet.

Logging Cheat Sheet.

Multifactor Authentication Cheat Sheet.

Mass Assignment Cheat Sheet.

Microservices security.

Microservices based Security Arch Doc Cheat Sheet.

Nodejs Security Cheat Sheet.

OS Command Injection Defense Cheat Sheet.

Pinning Cheat Sheet.

Password Storage Cheat Sheet.

PHP Configuration Cheat Sheet.

Query Parameterization Cheat Sheet.

REST Assessment Cheat Sheet.

Ruby on Rails Cheat Sheet.

REST Security Cheat Sheet.

Securing Cascading Style Sheets Cheat Sheet.

SAML Security Cheat Sheet.

Server Side Request Forgery Prevention Cheat Sheet.

Session Management Cheat Sheet.

SQL Injection Prevention Cheat Sheet.

Transport Layer Protection Cheat Sheet.

Threat Modeling Cheat Sheet.

Transaction Authorization Cheat Sheet.

Third Party Javascript Management Cheat Sheet.

TLS Cipher String Cheat Sheet.

User Privacy Protection Cheat Sheet.

Unvalidated Redirects and Forwards Cheat Sheet.

Virtual Patching Cheat Sheet.

Vulnerability Disclosure Cheat Sheet.

Vulnerable Dependency Management Cheat Sheet.

Web Service Security Cheat Sheet.

XML External Entity Prevention Cheat Sheet.

XML Security Cheat Sheet.