WSTG

WSTG stands for Web Security Testing Guide. It is an open-source resource for testing web application security, maintained by the OWASP community. Testers use the guide to perform structured assessments and to document findings in a consistent way.

The WSTG provides a methodology, testing techniques, and checklists intended to identify vulnerabilities across the web application stack, including both client-side and server-side components. It emphasizes practical testing practices that map to common security flaws and risk considerations.

Structure and scope: The guide is organized into testing categories, each containing numbered test cases with identifiers of the form WSTG-<category>-<nn> (for example WSTG-INPT-01). The categories in version 4.2 are Information Gathering, Configuration and Deployment Management Testing, Identity Management Testing, Authentication Testing, Authorization Testing, Session Management Testing, Input Validation Testing, Testing for Error Handling, Testing for Weak Cryptography, Business Logic Testing, Client-Side Testing, and API Testing. Each category presents test cases, expected behaviors, and guidance for evidence collection and risk assessment.

Usage: Security professionals use the WSTG to conduct hands-on assessments, train new testers, and standardize the documentation of findings. It supports a risk-based approach to remediation, and its test cases can be mapped to vulnerability taxonomies such as the OWASP Top Ten.

Availability and maintenance: The guide is openly available online at https://owasp.org/www-project-web-security-testing-guide/ and is developed in the open at https://github.com/OWASP/wstg by the OWASP community. It is updated periodically to reflect evolving web technologies, attack techniques, and defense practices.
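The script below is an added example and is not text or code from the WSTG or from OWASP. It ties the structure and usage paragraphs above together: it implements one test case from the Session Management Testing category, WSTG-SESS-02 (Testing for Cookies Attributes), runs it over a constructed HTTP response, and records each result as a finding that carries the WSTG test ID, the category, the raw header kept as evidence, and an OWASP Top Ten category. The Finding schema, the sample response, and the choice of Top Ten category are assumptions made for the example; the WSTG does not prescribe a reporting format or a fixed Top Ten mapping per test.

```python
"""
Added example, not WSTG project code: one WSTG test case (WSTG-SESS-02,
"Testing for Cookies Attributes") as a repeatable check whose results are
recorded as structured findings.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

WSTG_ID = "WSTG-SESS-02"
WSTG_CATEGORY = "Session Management Testing"
# Illustrative mapping chosen for this example (assumption): the WSTG itself
# does not assign a Top Ten category to each test.
OWASP_TOP10 = "A07:2021 Identification and Authentication Failures"

# Constructed HTTP response for the example; not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=8f3a1c; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrf=9b21; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Set-Cookie: tracker=abc; Path=/; SameSite=None\r\n"
    "Set-Cookie: __Host-sid=d41d8c; Path=/; Secure; HttpOnly; Domain=example.test\r\n"
    "\r\n"
    "<html></html>"
)


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, Optional[str]]  # lower-cased attribute -> value, or None for flags
    raw: str                         # original Set-Cookie value, kept as evidence


@dataclass
class Finding:
    wstg_id: str
    category: str
    owasp_top10: str
    cookie: str
    issue: str
    evidence: str


def parse_set_cookie(raw: str) -> Cookie:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in raw.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return Cookie(name=name.strip(), value=value.strip(), attrs=attrs, raw=raw)


def cookies_from_response(response: str) -> List[Cookie]:
    """Extract every Set-Cookie header from a raw HTTP response."""
    head, _, _ = response.partition("\r\n\r\n")
    cookies: List[Cookie] = []
    for line in head.split("\r\n")[1:]:        # skip the status line
        hname, sep, hval = line.partition(":")
        if sep and hname.strip().lower() == "set-cookie":
            cookies.append(parse_set_cookie(hval.strip()))
    return cookies


def check_cookie(cookie: Cookie) -> List[str]:
    """Apply the WSTG-SESS-02 attribute checks and return the issues found."""
    a = cookie.attrs
    issues: List[str] = []
    if "secure" not in a:
        issues.append("missing Secure attribute")
    if "httponly" not in a:
        issues.append("missing HttpOnly attribute")
    if "samesite" not in a:
        issues.append("missing SameSite attribute")
    elif (a.get("samesite") or "").lower() == "none" and "secure" not in a:
        issues.append("SameSite=None without Secure (browsers reject the cookie)")
    if cookie.name.startswith("__Host-"):
        # The __Host- prefix requires Secure, Path=/ and no Domain attribute.
        if "secure" not in a or a.get("path") != "/" or "domain" in a:
            issues.append("__Host- prefix requirements not met (Secure, Path=/, no Domain)")
    return issues


def run_test(response: str) -> List[Finding]:
    """Run the test case over a response and return one Finding per issue."""
    findings: List[Finding] = []
    for c in cookies_from_response(response):
        for issue in check_cookie(c):
            findings.append(Finding(WSTG_ID, WSTG_CATEGORY, OWASP_TOP10, c.name, issue, c.raw))
    return findings


if __name__ == "__main__":
    for f in run_test(SAMPLE_RESPONSE):
        print(f"[{f.wstg_id}] {f.cookie}: {f.issue}\n    evidence: {f.evidence}")
```

Each finding keeps the exact Set-Cookie value that triggered it, so the report entry can be reproduced by anyone rerunning the test against the same response; the test ID, category and Top Ten label make it directly comparable with findings from other testers using the same guide.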