About OWASP Cheat Sheet Series
Our Goal
The OWASP Cheat Sheet Series was created to provide a set of simple good practice guides for application developers and defenders to follow. Rather than focused on detailed best practices that are impractical for many developers and applications, they are intended to provide good practices that the majority of developers will actually be able to implement.
The cheat sheets are available on the main website at https://cheatsheetseries.owasp.org.
If you wish to contribute to the cheat sheets, or to suggest any improvements or changes, then please do so via the issue tracker on the GitHub repository. Alternatively, join us in the #cheatsheets channel on the OWASP Slack (details in the sidebar).
Bridge between the projects OWASP Proactive Controls, OWASP ASVS, and OWASP CSS
A work channel has been created between OWASP Proactive Controls (OPC), OWASP Application Security Verification Standard (ASVS), and OWASP Cheat Sheet Series (OCSS) using the following process:
The reason of the creation of this bridge is to help OCSS and ASVS projects by providing them:
It is not mandatory that a request for a new Cheat Sheet (or for an update) comes only from OPC/ASVS, it is just an extra channel.
> Requests from OPC/ASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.
Special thanks
A special thank you to the following people for their help provided during the migration:
Project Resources
Project Leaders
@media
Project Information
License
Creative Commons
OWASP is a nonprofit foundation improving software security through open-source projects, global communities, and education. All resources are free and open to everyone.
OWASP, the OWASP logo, and Global AppSec are registered trademarks and AppSec Days, AppSec California, AppSec Cali, SnowFROC, OWASP Boston Application Security Conference, and LASCON are trademarks of the OWASP Foundation, Inc.
© 2026, OWASP Foundation Inc. All rights reserved.