Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Copilot app
Direct agents from issue to merge
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
View all resources
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
GitHub Stars
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
Search or jump to...
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
Uh oh!
There was an error while loading.
Please reload this page
.
OWASP
/
wstg
Public
Uh oh!
There was an error while loading.
Please reload this page
.
Notifications
You must be signed in to change notification settings
Fork
1.6k
Star
9.5k
Code
Issues
34
Pull requests
6
Actions
Models
Security and quality
0
Insights
Additional navigation options
Code
Issues
Pull requests
Actions
Models
Security and quality
Insights
Commits
Breadcrumbs
History for
wstg
document
on
master
User selector
All users
All time
Commit history
Commits on Jun 30, 2026
docs: add Mohammad Hossein Sadeghian to authors (#1439)
m4sh-wacker
authored
78e6b67
Copy full SHA for 78e6b67
Add Testing for Prototype Pollution (WSTG-INPV-22) (#1423)
Show description for b87d2b2
3 people
authored
b87d2b2
Copy full SHA for b87d2b2
Various small wording changes, tweaks and improvements (#1436)
rbsec
authored
93f2419
Copy full SHA for 93f2419
Commits on Jun 29, 2026
Enhance REST API Testing Methodologies (Issue #492) (#1427)
Show description for c4f1e27
PaarthPandey10
authored
c4f1e27
Copy full SHA for c4f1e27
Commits on Jun 23, 2026
Update 04-API_Broken_Function_Level_Authorization.md (#1431)
dgiannico
authored
290c852
Copy full SHA for 290c852
Commits on Jun 18, 2026
Fixed missing closing bracket (#1429)
Kendalit1
authored
321e175
Copy full SHA for 321e175
Commits on Jun 15, 2026
Add checks for magic hashes and passwords of the same length (#1425)
Show description for c68e2ad
rbsec
and
kingthorin
authored
c68e2ad
Copy full SHA for c68e2ad
Commits on Jun 10, 2026
fix WSTG-SESS-10 typo (#1426)
pilgrimlyieu
authored
94249aa
Copy full SHA for 94249aa
Commits on Jun 7, 2026
Tweak Textlint and Note wording/syntax (#1424)
Show description for 544c0d8
kingthorin
authored
544c0d8
Copy full SHA for 544c0d8
Various small wording and typo fixes (#1421)
Show description for a31f9c4
rbsec
and
kingthorin
authored
a31f9c4
Copy full SHA for a31f9c4
Commits on May 27, 2026
Update WSTG-CONF-10 subdomain takeover testing methodology (#1413)
Show description for 7dea71b
Corencas
and
kingthorin
authored
7dea71b
Copy full SHA for 7dea71b
fix WSTG-ATHN-11 typo (#1416)
pilgrimlyieu
authored
d386ff1
Copy full SHA for d386ff1
Commits on Apr 24, 2026
Update outdated web spider tools (mark legacy + add modern alternatives) (#1411)
Haqyar-1
authored
b4a1f59
Copy full SHA for b4a1f59
Add missing section for testing HTTP security header misconfigurations (#1410)
ash47
authored
6cf8363
Copy full SHA for 6cf8363
Commits on Apr 23, 2026
Update reference link for OWASP API Security (#1409)
Zoe Braiterman
authored
363c164
Copy full SHA for 363c164
Commits on Apr 11, 2026
Fix typo (#1400)
Show description for 52c8cd3
kingthorin
authored
52c8cd3
Copy full SHA for 52c8cd3
Commits on Apr 10, 2026
Create 04-API_Broken_Function_Level_Authorization.md (#1207)
Show description for bfc7be7
3 people
authored
bfc7be7
Copy full SHA for bfc7be7
Commits on Apr 5, 2026
docs: add human factors advisory and checklist (fixes #13) (#1392)
Show description for 231be03
theanand108
and
kingthorin
authored
231be03
Copy full SHA for 231be03
Commits on Apr 4, 2026
Add 0xBassia to authors credits (#1384)
Show description for f5628e1
0xBassia
and
kingthorin
authored
f5628e1
Copy full SHA for f5628e1
Commits on Apr 3, 2026
Update README.md - Add Alexander Bas as author (#1383)
aphroph
authored
50e66ff
Copy full SHA for 50e66ff
Commits on Apr 2, 2026
Add more enumeration strategies & bypasses to GraphQL (#1372)
omar2535
authored
9f5b996
Copy full SHA for 9f5b996
Add Testing for Cross-Device Session Reuse and Single Authentication Cookie in SSO Environments [WSTG-SESS-06] (#1379)
Show description for 0e64d5d
aphroph
and
kingthorin
authored
0e64d5d
Copy full SHA for 0e64d5d
Commits on Apr 1, 2026
Correct command injection example in documentation (#1381)
wandt0n
authored
965a23d
Copy full SHA for 965a23d
Commits on Mar 31, 2026
Modernize logging guidance in WSTG-CONF-02 (fix #685) (#1373)
Nik-ui
authored
86ef8af
Copy full SHA for 86ef8af
Add WSTG-BUSL-11: Testing for Race Conditions (#1370)
Show description for 43e4a69
0xBassia
and
claude
authored
43e4a69
Copy full SHA for 43e4a69
Commits on Mar 26, 2026
Add guidance on reproducible test artifacts in reporting section (#1375)
Show description for 55bd44b
eswar-subhash
and
kingthorin
authored
55bd44b
Copy full SHA for 55bd44b
Remove outdated logout visibility requirement in WSTG-SESS-06 (#1374)
Show description for eac4741
eswar-subhash
and
kingthorin
authored
eac4741
Copy full SHA for eac4741
Commits on Mar 18, 2026
Add WSTG-APIT-03: Testing for Excessive Data Exposure (#1368)
0xBassia
authored
ae3e640
Copy full SHA for ae3e640
Commits on Mar 16, 2026
Renaming 'weak encryption' file to be more reflective of its content - #734 (#1366)
JamarleyHub
authored
ca7ecf6
Copy full SHA for ca7ecf6
Commits on Mar 15, 2026
Enhance reconnaissance section with new tools and techniques (#1365)
aniu26
authored
f0e046d
Copy full SHA for f0e046d
Commits on Mar 14, 2026
docs: update HtmlUnit entry with current info (fixes #1361) (#1364)
Aahil-Riyaz
authored
9334063
Copy full SHA for 9334063
Commits on Mar 13, 2026
Improve command injection documentation with additional techniques an… (#1362)
prasunsrivastav123-lang
authored
51365f4
Copy full SHA for 51365f4
Commits on Mar 12, 2026
Add Online Resources section to Testing Tools appendix (#1360)
Nik-ui
authored
1a3c911
Copy full SHA for 1a3c911
Commits on Mar 10, 2026
PR for #734 and updating cryptographic recommendations for TLS usage (#1357)
JamarleyHub
authored
5f8fb8f
Copy full SHA for 5f8fb8f
Commits on Mar 5, 2026
Improve guidance on secure storage of password reset tokens (#1354)
Show description for eb6a2e1
3 people
authored
eb6a2e1
Copy full SHA for eb6a2e1
Previous
Next
You can’t perform that action at this time.