# OWASP Web Security Testing Guide (WSTG)

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
|---|---|
| API | Application Programming Interface |
| OWASP | Open Web Application Security Project |
| WSTG | Web Security Testing Guide |

# Overview

The Web Security Testing Guide (WSTG) is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.

# Testing Methods

  1. Information Gathering
  2. Configuration and Deployment Management Testing
  3. Identity Management Testing
  4. Authentication Testing
  5. Authorization Testing
  6. Session Management Testing
  7. Input Validation Testing
  8. Testing for Error Handling
  9. Testing for Weak Cryptography
  10. Business Logic Testing
  11. Client-side Testing
  12. API Testing

# Noteworthy

  • The OWASP WSTG contains 12 methods of testing.
  • The OWASP WSTG provides guidance for testing web applications and web services.
