{"id":13539572,"url":"https://github.com/owasp/wstg","last_synced_at":"2026-02-24T09:03:19.855Z","repository":{"id":37432035,"uuid":"91277330","full_name":"OWASP/wstg","owner":"OWASP","description":"The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.","archived":false,"fork":false,"pushed_at":"2024-10-15T21:27:16.000Z","size":21188,"stargazers_count":7223,"open_issues_count":51,"forks_count":1318,"subscribers_count":333,"default_branch":"master","last_synced_at":"2024-10-17T09:30:47.909Z","etag":null,"topics":["application-security","appsec","best-practices","bugbounty","guide","hacking","hacktoberfest","owasp","penetration-testing","pentesting","security"],"latest_commit_sha":null,"homepage":"https://owasp.org/www-project-web-security-testing-guide/","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":"https://owasp.org/donate/?reponame=www-project-web-security-testing-guide\u0026title=OWASP+Web+Security+Testing+Guide","github":"OWASP"}},"created_at":"2017-05-14T23:20:40.000Z","updated_at":"2024-10-17T07:19:44.000Z","dependencies_parsed_at":"2023-02-15T09:00:49.492Z","dependency_job_id":"be7f9daf-348b-46a1-82c1-f8aa04b09d14","html_url":"https://github.com/OWASP/wstg","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/OWASP%2Fwstg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fwstg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fwstg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fwstg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/wstg/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245623534,"owners_count":20645783,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-security","appsec","best-practices","bugbounty","guide","hacking","hacktoberfest","owasp","penetration-testing","pentesting","security"],"created_at":"2024-08-01T09:01:28.124Z","updated_at":"2026-02-24T09:03:19.807Z","avatar_url":"https://github.com/OWASP.png","language":"Dockerfile","readme":"# OWASP Web Security Testing Guide\n\n[![Contributions Welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/OWASP/wstg/issues)\n[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship-brightgreen.svg)](https://owasp.org/projects/)\n[![Twitter Follow](https://img.shields.io/twitter/follow/owasp_wstg?style=social)](https://twitter.com/owasp_wstg)\n\n[![Creative Commons License](https://licensebuttons.net/l/by-sa/4.0/88x31.png)](https://creativecommons.org/licenses/by-sa/4.0/ \"CC BY-SA 4.0\")\n\nWelcome to the official repository for the Open Web Application Security Project® 
(OWASP®) Web Security Testing Guide (WSTG). The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of security professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.\n\nWe are currently working on release version 5.0. You can [read the current document here on GitHub](https://github.com/OWASP/wstg/tree/master/document).\n\nFor the last stable release, [check release 4.2](https://github.com/OWASP/wstg/releases/tag/v4.2). Also available [online](https://owasp.org/www-project-web-security-testing-guide/v42/).\n\n- [How To Reference WSTG Scenarios](#how-to-reference-wstg-scenarios)\n    - [Linking](#linking)\n- [Contributions, Feature Requests, and Feedback](#contributions-feature-requests-and-feedback)\n- [Chat With Us](#chat-with-us)\n- [Project Leaders](#project-leaders)\n- [Core Team](#core-team)\n- [Translations](#translations)\n\n## How To Reference WSTG Scenarios\n\nEach scenario has an identifier in the format `WSTG-\u003ccategory\u003e-\u003cnumber\u003e`, where: 'category' is a 4 character upper case string that identifies the type of test or weakness, and 'number' is a zero-padded numeric value from 01 to 99. For example: `WSTG-INFO-02` is the second Information Gathering test.\n\nThe identifiers may change between versions. Therefore, it is preferable that other documents, reports, or tools use the format: `WSTG-\u003cversion\u003e-\u003ccategory\u003e-\u003cnumber\u003e`, where: 'version' is the version tag with punctuation removed. For example: `WSTG-v42-INFO-02` would be understood to mean specifically the second Information Gathering test from version 4.2.\n\nIf identifiers are used without including the `\u003cversion\u003e` element, they should be assumed to refer to the latest Web Security Testing Guide content. 
As the guide grows and changes this becomes problematic, which is why writers or developers should include the version element.\n\n### Linking\n\nLinking to Web Security Testing Guide scenarios should be done using versioned links not `stable` or `latest`, which will change with time. However, it is the project team's intention that versioned links do not change. For example: `https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.html`. Note: the `v42` element refers to version 4.2.\n\n## Contributions, Feature Requests, and Feedback\n\nWe are actively inviting new contributors! To start, read the [contribution guide](CONTRIBUTING.md).\n\nFirst time here? Here are [GitHub's suggestions for first-time contributors](https://github.com/OWASP/wstg/contribute) to this repository.\n\nThis project is only possible thanks to the work of many dedicated volunteers. Everyone is encouraged to help in ways large and small. Here are a few ways you can help:\n\n- Read the current content and help us fix any spelling mistakes or grammatical errors.\n- Help with [translation](CONTRIBUTING.md#translation) efforts.\n- Choose an existing issue and submit a pull request to fix it.\n- Open a new issue to report an opportunity for improvement.\n\nTo learn how to contribute successfully, read the [contribution guide](CONTRIBUTING.md).\n\nSuccessful contributors appear on [the project's list of authors, reviewers, or editors](document/1-Frontispiece/README.md).\n\n## Chat With Us\n\nWe're easy to find on Slack:\n\n1. Join the OWASP Group Slack with this [invitation link](https://owasp.org/slack/invite).\n2. 
Join this project's [channel, #testing-guide](https://app.slack.com/client/T04T40NHX/CJ2QDHLRJ).\n\nFeel free to ask questions, suggest ideas, or share your best recipes.\n\nYou can @ us on Twitter [@owasp_wstg](https://twitter.com/owasp_wstg).\n\nYou can also join our [Google Group](https://groups.google.com/a/owasp.org/forum/#!forum/testing-guide-project).\n\n## Project Leaders\n\n- [Rick Mitchell](https://github.com/kingthorin)\n- [Elie Saad](https://github.com/ThunderSon)\n\n## Core Team\n\n- [Rejah Rehim](https://github.com/rejahrehim)\n- [Victoria Drake](https://github.com/victoriadrake)\n\n## Translations\n\n- [Portuguese-BR](https://github.com/doverh/wstg-translations-pt)\n- [Russian](https://github.com/andrettv/WSTG/tree/master/WSTG-ru)\n- [French](https://github.com/clallier94/wstg-translation-fr)\n- [Persian (Farsi)](https://github.com/whoismh11/owasp-wstg-fa)\n\n---\n\nOpen Web Application Security Project and OWASP are registered trademarks of the OWASP Foundation, Inc.\n","funding_links":["https://owasp.org/donate/?reponame=www-project-web-security-testing-guide\u0026title=OWASP+Web+Security+Testing+Guide","https://github.com/sponsors/OWASP"],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8e1069b2bce90b87eea762ee3d0935d8\"\u003e\u003c/a\u003eOWASP"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fwstg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowasp%2Fwstg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fwstg/lists"}