The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Jan 13, 2026 · Application Security practitioners, software engineers, and researchers from all over the world gather at OWASP’s BASC conferences to discover, present and discuss the latest …

4.0 Introduction and Objectives This section describes the OWASP web application security testing methodology and explains how to test for evidence of vulnerabilities within the application due to …

Interactive Application Security Testing IAST (interactive application security testing) is an application security testing method that tests the application while the app is run by an automated test, human …

Mobile Application Security Testing In the following sections we'll provide a brief overview of general security testing principles and key terminology. The concepts introduced are largely identical to those …

Source code analysis tools, also known as Static Application Security Testing (SAST) Tools, can help analyze source code or compiled versions of code to help find security flaws. SAST tools can be …

WSTG - v4.2 on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

The OWASP Mobile Application Security (MAS) project consists of a series of documents that establish a security and privacy standard for mobile apps and a comprehensive testing guide that covers the …

The OWASP Application Security Verification Standard (ASVS) Project is a framework of security requirements that focus on defining the security controls required when designing, developing and …

Dynamic Application Security Testing (DAST) DAST is a “Black-Box” testing, can find security vulnerabilities and weaknesses in a running application by injecting malicious payloads to identify …