CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Welcome to the OWASP Cheat Sheet Series
Welcome to the official repository for the Open Worldwide Application Security Project® (OWASP) Cheat Sheet Series project. The project focuses on providing good security practices for builders in order to secure their applications.
To read the cheat sheets and reference them, use the project's official website. The project details can be viewed on the OWASP main website without the cheat sheets.
Markdown files are the working sources and aren't intended to be referenced in any external documentation, books or websites.
Cheat Sheet Series Team
Project Leaders
Core team
Chat With Us
We're easy to find on Slack:
- Join the OWASP Group Slack with this invitation link.
- Join the #cheatsheets channel.
Feel free to ask questions, suggest ideas, or share your best recipes.
Contributions, Feature Requests, and Feedback
We are actively inviting new contributors! To start, please read the contribution guide and our How To Make A Cheatsheet guide.
This project is only possible thanks to the work of many dedicated volunteers. Everyone is encouraged to help in ways large and small. Here are a few ways you can help:
- Read the current content and help us fix any spelling mistakes or grammatical errors.
- Choose an existing issue on GitHub and submit a pull request to fix it.
- Open a new issue to report an opportunity for improvement.
Automated Build
This link allows you to download a build (ZIP archive) of the offline website.
Local Build 
The OWASP Cheat Sheet Series website can be built and tested locally by issuing the following commands:
    make install-python-requirements
    make generate-site
    make serve # Binds port 8000
Linting
To check markdown and terminology:
    npm run lint-markdown
    npm run lint-terminology
To auto-fix linting issues:
    npm run lint-markdown-fix
    npm run lint-terminology-fix
Container Build
The OWASP Cheat Sheet Series website can be built and tested locally inside a container by issuing the following commands:
Docker
    docker build -t cheatsheetseries .
    docker run --name cheatsheetseries -p 8000:8000 cheatsheetseries
Podman
    podman build -t cheatsheetseries .
    podman run --name cheatsheetseries -p 8000:8000 localhost/cheatsheetseries
Contributors
- From 2014 to 2018: V1 - Initial version of the project hosted on the OWASP WIKI.
- From 2019: V2 - Hosted on GitHub.
Special thanks
A special thank you to the following people for their help provided during the migration:
- Dominique Righetto: For his special leadership and guidance.
- Elie Saad: For valuable help in updating the OWASP Wiki links for all the migrated cheat sheets and for years of leadership and other project support.
- Jakub Maćkowski: For valuable help in updating the OWASP Wiki links for all the migrated cheat sheets.
Open Worldwide Application Security Project and OWASP are registered trademarks of the OWASP Foundation, Inc.
