Docs

Cheatsheets

Practical application security guides and references, organized by category.

Source: OWASP Cheat Sheet Series

Access Control

Authorization, IDOR, and privilege boundaries.

3 docs

API & Services

Secure REST, GraphQL, gRPC, and WebSocket usage.

4 docs

Architecture & Design

Threat modeling, attack surface, and secure design.

4 docs

Authentication & Session

Account auth, MFA, credential hygiene, and sessions.

7 docs

Basics & Transport

Core HTTP and TLS hardening for web apps.

3 docs

Browser Security

CSP, DOM protections, cookie safety, and XS leaks.

5 docs

Cloud & Platform

Docker, Kubernetes, serverless, and IaC security.

3 docs

CSRF & Redirects

Defense against CSRF, clickjacking, and redirects.

3 docs

Data & Secrets

Crypto storage, key management, secrets, file upload.

4 docs

Injection

SQL/NoSQL, OS command, LDAP, deserialization, and XXE.

7 docs

Logging & Errors

Robust logging and error handling practices.

2 docs

Microservices

Security considerations for microservices architectures.

2 docs

SSRF

Server-side request forgery prevention.

1 doc

Server-Side Request Forgery Prevention

Supply Chain

Dependencies, SBOM, and software supply chain hygiene.

3 docs

Testing & Review

Secure code review and API assessment.

2 docs

Validation & XSS

Safe input handling and XSS prevention.

4 docs