A cheat sheet is a concise set of notes used for quick reference.
The OWASP Cheat Sheet Series was created to provide a concise collection of high-value information on specific web application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy-to-read format.
S.No | Name of the Cheat Sheet | Category | Link |
---|---|---|---|
1 | 3rd Party JavaScript Management | Developer/Builder | Click Here |
2 | Access Control | Developer/Builder | Click Here |
3 | AJAX Security Cheat Sheet | Developer/Builder | Click Here |
4 | Authentication (ES) | Developer/Builder | Click Here |
5 | Bean Validation Cheat Sheet | Developer/Builder | Click Here |
6 | Choosing and Using Security Questions | Developer/Builder | Click Here |
7 | Clickjacking Defense | Developer/Builder | Click Here |
8 | C-Based Toolchain Hardening | Developer/Builder | Click Here |
9 | Credential Stuffing Prevention Cheat Sheet | Developer/Builder | Click Here |
10 | Cross-Site Request Forgery (CSRF) Prevention | Developer/Builder | Click Here |
11 | Cryptographic Storage | Developer/Builder | Click Here |
12 | Deserialization | Developer/Builder | Click Here |
13 | DOM based XSS Prevention | Developer/Builder | Click Here |
14 | Forgot Password | Developer/Builder | Click Here |
15 | HTML5 Security | Developer/Builder | Click Here |
16 | HTTP Strict Transport Security | Developer/Builder | Click Here |
17 | Injection Prevention Cheat Sheet | Developer/Builder | Click Here |
18 | Injection Prevention Cheat Sheet in Java | Developer/Builder | Click Here |
19 | JSON Web Token (JWT) Cheat Sheet for Java | Developer/Builder | Click Here |
20 | Input Validation | Developer/Builder | Click Here |
21 | JAAS | Developer/Builder | Click Here |
22 | LDAP Injection Prevention | Developer/Builder | Click Here |
23 | Logging | Developer/Builder | Click Here |
24 | Mass Assignment Cheat Sheet | Developer/Builder | Click Here |
25 | .NET Security | Developer/Builder | Click Here |
26 | OWASP Top Ten | Developer/Builder | Click Here |
27 | Password Storage | Developer/Builder | Click Here |
28 | Pinning | Developer/Builder | Click Here |
29 | Query Parameterization | Developer/Builder | Click Here |
30 | Ruby on Rails | Developer/Builder | Click Here |
31 | Session Management | Developer/Builder | Click Here |
32 | SAML Security | Developer/Builder | Click Here |
33 | SQL Injection Prevention | Developer/Builder | Click Here |
34 | Transaction Authorization | Developer/Builder | Click Here |
35 | Transport Layer Protection | Developer/Builder | Click Here |
36 | Unvalidated Redirects and Forwards | Developer/Builder | Click Here |
37 | User Privacy Protection | Developer/Builder | Click Here |
38 | Web Service Security | Developer/Builder | Click Here |
39 | XSS (Cross Site Scripting) Prevention | Developer/Builder | Click Here |
40 | XML External Entity (XXE) Prevention Cheat Sheet | Developer/Builder | Click Here |
41 | Attack Surface Analysis | Assessment / Breaker | Click Here |
42 | REST Assessment | Assessment / Breaker | Click Here |
43 | Web Application Security Testing | Assessment / Breaker | Click Here |
44 | XML Security Cheat Sheet | Assessment / Breaker | Click Here |
45 | XSS Filter Evasion | Assessment / Breaker | Click Here |
46 | Android Testing | Mobile | Click Here |
47 | iOS Developer | Mobile | Click Here |
48 | Mobile Jailbreaking | Mobile | Click Here |
49 | Virtual Patching | OpSec / Defender | Click Here |
50 | Application Security Architecture | Draft and Beta | Click Here |
51 | Business Logic Security | Draft and Beta | Click Here |
52 | Command Injection Defense Cheat Sheet | Draft and Beta | Click Here |
53 | Content Security Policy | Draft and Beta | Click Here |
54 | Denial of Service Cheat Sheet | Draft and Beta | Click Here |
55 | Grails Secure Code Review | Draft and Beta | Click Here |
56 | Insecure Direct Object Reference Prevention | Draft and Beta | Click Here |
57 | iOS Application Security Testing | Draft and Beta | Click Here |
58 | Key Management | Draft and Beta | Click Here |
59 | PHP Security | Draft and Beta | Click Here |
60 | REST Security | Draft and Beta | Click Here |
61 | Regular Expression Security Cheatsheet | Draft and Beta | Click Here |
62 | Secure Coding | Draft and Beta | Click Here |
63 | Secure SDLC | Draft and Beta | Click Here |
64 | Threat Modeling | Draft and Beta | Click Here |
65 | Vulnerability Disclosure | Draft and Beta | Click Here |