explaingit

owasp/cheatsheetseries

31,930 · Python · Audience · developer · Complexity · 1/5 · License · Setup · easy

TLDR

A large collection of short, practical security guides for developers, one cheat sheet per topic, covering things like safe password handling, preventing SQL injection, and securing authentication.

Mindmap

mindmap
  root((OWASP Cheat Sheets))
    Content
      Authentication
      SQL injection
      Password storage
      Cross-site scripting
    Format
      Markdown files
      Static website
    Audience
      Developers
      Security engineers
      Students
    Use cases
      Code review
      Threat modeling
      Learning security


Things people build with this

USE CASE 1

Look up the best way to safely store user passwords when building a login system.

USE CASE 2

Check the recommended defenses against SQL injection or cross-site scripting during a code review.

USE CASE 3

Use as a reference checklist when adding authentication or a new payment flow to a web app.

USE CASE 4

Build and browse the full cheat sheet site offline for use without internet access.

Tech stack

Markdown · Python · Docker

Getting it running

Difficulty · easy · Time to first run · 5 min

No setup is needed to read the docs online; building the site locally requires Python and, optionally, Docker.

Use freely for any purpose, including commercial use.

In plain English

This repository is the official source for the OWASP Cheat Sheet Series, a large collection of security guidance documents aimed at developers who are building web applications and want to avoid common security mistakes. OWASP stands for the Open Worldwide Application Security Project, a well-known non-profit organization dedicated to improving software security.

The problem it solves is that security is a broad and complex topic, and developers often struggle to find concise, practical advice on specific issues: how to safely handle passwords, prevent SQL injection attacks, set up secure authentication, or protect against cross-site scripting (a type of attack where malicious code is injected into web pages). Instead of reading entire books or lengthy documentation, developers can look up a cheat sheet for the specific topic they need and get a focused, high-quality summary of best practices.

The content itself is written as Markdown files (a simple text formatting language) and published to a website generated by a Python-based build tool. There is no executable application here; the Python code mainly handles generating the static website from the source files. Developers can also build the site locally to browse all the cheat sheets offline.

You would turn to this repository when you are a developer, security engineer, or student who wants quick, trusted, peer-reviewed guidance on application security topics. It is particularly useful during code review, threat modeling, or when implementing a new feature that touches security-sensitive areas. The tech stack consists of Markdown source files, a Python-based static site generator, and optional Docker support for local builds.

Copy-paste prompts

Prompt 1
I'm building a login system in Python. Based on the OWASP Password Storage Cheat Sheet, what hashing algorithm and configuration should I use, and how do I implement it?
Prompt 2
My web app takes user-supplied input and puts it in a SQL query. Walk me through the OWASP SQL Injection prevention techniques and show me a parameterized query example in Node.js.
Prompt 3
I need to implement CSRF protection in my Express.js app. What does the OWASP CSRF Cheat Sheet recommend and how do I add it?
Prompt 4
Explain the OWASP recommendations for secure session management, cookie flags, expiry, and what to do on logout.