owasp.org
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.
AuthN 4
AuthZ 4
XSS 4
API Sec 3
SSRF 3
Talks 3
Deser 2
Python 2
SQLi 2
Bug Bounty 1
CSRF 1
GraphQL 1
IDOR 1
JWT 1
Mobile 1
Recon 1
SSTI 1
Supply Chain 1
XXE 1
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-22 | OWASP Test for Subdomain Takeover [Recon] | OWASP Test for Subdomain Takeover |
| 2026-04-19 | OWASP Top 10 2025 — A01 Broken Access Control [AuthZ] | OWASP Top 10 2025 — A01 Broken Access Control |
| 2026-04-17 | Exploiting deserialization in recent Java versions (OWASP Stuttgart) [Deser] | Exploiting deserialization in recent Java versions (OWASP Stuttgart) |
| 2026-04-17 | OWASP WSTG: Testing GraphQL [GraphQL] | OWASP WSTG: Testing GraphQL |
| 2026-04-16 | OWASP API Security Testing Framework [API Sec] | OWASP API Security Testing Framework |
| 2026-04-10 | OWASP WSTG: Testing for Session Fixation [AuthN] | OWASP WSTG: Testing for Session Fixation |
| 2026-04-10 | OWASP: Session Fixation Protection [AuthN] | OWASP: Session Fixation Protection |
| 2026-04-10 | OWASP: Session fixation attack [AuthN] | OWASP: Session fixation attack |
| 2026-04-10 | OWASP Top 10 A07: Identification and Authentication Failures [AuthN] | OWASP Top 10 A07: Identification and Authentication Failures |
| 2026-04-10 | OWASP Testing for Server Side Template Injection [SSTI] | OWASP Testing for Server Side Template Injection |
| 2026-04-10 | OWASP WSTG: Testing JSON Web Tokens [JWT] | OWASP WSTG: Testing JSON Web Tokens |
| 2026-04-10 | BLA9:2025 Broken Access Control - OWASP [AuthZ] | BLA9:2025 Broken Access Control - OWASP |
| 2026-04-10 | OWASP Global & Regional Events [Talks] | OWASP Global & Regional Events |
| 2026-04-10 | OWASP AppSec Days Developer Security Summit [Talks] | OWASP AppSec Days Developer Security Summit |
| 2026-04-10 | IDOR - OWASP Foundation [IDOR] | IDOR - OWASP Foundation |
| 2026-04-10 | CSRF - OWASP Foundation [CSRF] | CSRF - OWASP Foundation |
| 2026-04-10 | SQL Injection - OWASP [SQLi] | SQL Injection - OWASP |
| 2026-04-03 | SQL Injection Bypassing WAF \| OWASP [SQLi] | SQL Injection Bypassing WAF \| OWASP |
| 2026-04-03 | XML External Entity (XXE) Processing \| OWASP [XXE] | XML External Entity (XXE) Processing \| OWASP |
| 2026-04-03 | Insecure Deserialization \| OWASP [Deser] | Insecure Deserialization \| OWASP |
| 2026-04-03 | A03 Software Supply Chain Failures - OWASP Top 10:2025 [Supply Chain] | A03 Software Supply Chain Failures - OWASP Top 10:2025 |
| 2026-04-03 | OWASP Mobile Top 10 [Mobile] | OWASP Mobile Top 10 |
| 2026-04-03 | OWASP API Security Top 10 [API Sec] | OWASP API Security Top 10 |
| 2026-04-03 | Testing for Privilege Escalation \| OWASP WSTG [AuthZ] | Testing for Privilege Escalation \| OWASP WSTG |
| 2026-04-03 | Testing for Insecure Direct Object References \| OWASP WSTG [AuthZ] | Testing for Insecure Direct Object References \| OWASP WSTG |
| 2026-04-03 | OWASP API Security Project \| OWASP Foundation [API Sec] | The API Security project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs) |
| 2026-03-01 | Server Side Request Forgery - OWASP Foundation [SSRF] | Server Side Request Forgery - OWASP Foundation |
| 2025-08-14 | Cross Site Scripting (XSS) \| OWASP Foundation [XSS] | The content provided is a title mentioning Cross Site Scripting (XSS) from the OWASP Foundation. XSS is a common web security vulnerability where attackers inject malicious scripts into web pages viewed by other users. This can lead to unauthorized access, data theft, and other malicious activities. OWASP Foundation is a non-profit organization focused on improving software security. The title suggests that the content likely discusses XSS in more detail, providing insights, prevention methods, and best practices to mitigate this security risk. |
| 2025-08-14 | XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP [XSS] | The content is an XSS (Cross Site Scripting) Prevention Cheat Sheet provided by the Open Web Application Security Project (OWASP). It likely contains guidelines, best practices, and techniques to prevent XSS attacks on web applications. OWASP is a well-known organization that focuses on improving the security of software. The cheat sheet is a concise resource that developers can refer to for preventing XSS vulnerabilities in their web applications. |
| 2025-08-14 | A10 Server Side Request Forgery (SSRF) - OWASP Top 10:2021 [SSRF] | The content mentions A10 Server Side Request Forgery (SSRF) as part of the OWASP Top 10:2021 list. SSRF is a vulnerability where an attacker can manipulate a server into making unauthorized requests, potentially leading to data breaches or server exploitation. This issue is significant in web security and is highlighted in the latest OWASP Top 10 list as a critical concern for organizations to address to protect their systems and data. |
| 2025-08-14 | WSTG - v4.2 \| OWASP Foundation [SSRF] | The content is a reference to the Web Security Testing Guide (WSTG) version 4.2 provided by the OWASP Foundation. The WSTG is a comprehensive guide that outlines best practices and techniques for testing the security of web applications. It covers various aspects of web security testing to help developers and security professionals identify and address vulnerabilities in web applications. The OWASP Foundation is a non-profit organization dedicated to improving software security, and the WSTG is one of the resources they offer to promote secure web development practices. |
| 2024-07-22 | DOM Based XSS \| OWASP Foundation [Bug Bounty, XSS] | DOM Based XSS on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software. |
| 2022-09-13 | OWASP Pygoat [Python] | OWASP Pygoat is a project that aims to provide a vulnerable web application for security testing and educational purposes. It offers a platform for users to practice and improve their skills in identifying and fixing security vulnerabilities in Python-based web applications. By using Pygoat, individuals can enhance their understanding of common security issues and learn how to secure web applications effectively. The project is part of the Open Web Application Security Project (OWASP) and serves as a valuable resource for developers, security professionals, and anyone interested in cybersecurity. |
| 2022-09-13 | OWASP Pygoat \| OWASP Foundation [Python] | The OWASP Pygoat project is described in a very concise manner, with the content stating it as "A very brief, one-line description of your project." This suggests that the project aims to provide a succinct overview or summary of a particular topic or project within the OWASP Foundation. |
| 2021-12-07 | Owasp bucharest 2017 antukh [Talks] | Owasp bucharest 2017 antukh |
| 2018-05-07 | XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP [XSS] | The content is about the XSS (Cross Site Scripting) Prevention Cheat Sheet provided by OWASP. It is a resource that contains guidelines and best practices to prevent XSS attacks on websites. The cheat sheet is part of a larger project that offers various resources for web security. It serves as a comprehensive reference for developers to protect their websites from malicious scripts. The content emphasizes the importance of implementing security measures to safeguard against XSS vulnerabilities. |