https://cheatsheetseries.owasp.org/OWASP Cheat Sheet Series update2025-07-25T17:27:38+00:00Core teamdominique.righetto@owasp.orgpython-feedgenhttps://cheatsheetseries.owasp.org/gitbook/images/favicon.icoList of the last updates on the contenthttps://github.com/OWASP/CheatSheetSeries/pull/1590Update Authorization_Testing_Automation_Cheat_Sheet.md spelling error2025-01-16T14:48:17+00:002025-01-16T14:48:17+00:00https://github.com/OWASP/CheatSheetSeries/pull/1591Update Mass_Assignment_Cheat_Sheet.md correcting spelling error2025-01-16T14:55:27+00:002025-01-16T14:55:27+00:00https://github.com/OWASP/CheatSheetSeries/pull/1592https://github.com/OWASP/CheatSheetSeries/issues/15612025-01-17T13:06:56+00:002025-01-17T13:06:56+00:00https://github.com/OWASP/CheatSheetSeries/pull/1593Update Logging_Cheat_Sheet.md ampersand removal2025-01-17T13:05:20+00:002025-01-17T13:05:20+00:00https://github.com/OWASP/CheatSheetSeries/pull/1594Update NPM_Security_Cheat_Sheet.md spelling error2025-01-17T13:05:52+00:002025-01-17T13:05:52+00:00https://github.com/OWASP/CheatSheetSeries/pull/1595Update Session_Management_Cheat_Sheet.md possession and plural change2025-01-24T08:00:55+00:002025-01-24T08:00:55+00:00https://github.com/OWASP/CheatSheetSeries/pull/1597Upate threat modeling cheatsheet2025-01-28T13:55:41+00:002025-01-28T13:55:41+00:00https://github.com/OWASP/CheatSheetSeries/pull/1599Remove outdated Expect-CT advice from Node cheatsheet. Fixes #15982025-02-02T06:41:59+00:002025-02-02T06:41:59+00:00https://github.com/OWASP/CheatSheetSeries/pull/1600Fix typo in Kubernetes_Security_Cheat_Sheet.md2025-01-29T13:43:10+00:002025-01-29T13:43:10+00:00https://github.com/OWASP/CheatSheetSeries/pull/1602Updated cheat sheet: Removed EMET and added new recommendations.2025-02-02T06:45:31+00:002025-02-02T06:45:31+00:00https://github.com/OWASP/CheatSheetSeries/pull/1603Update Cross_Site_Scripting_Prevention_Cheat_Sheet.md to remove duplicate wording2025-02-03T14:21:20+00:002025-02-03T14:21:20+00:00https://github.com/OWASP/CheatSheetSeries/pull/1604Update Input_Validation_Cheat_Sheet.md missing capitalisation.2025-02-03T14:19:53+00:002025-02-03T14:19:53+00:00https://github.com/OWASP/CheatSheetSeries/pull/1606Change Open Web Application Security Project to Open Worldwide Applic…2025-02-03T14:21:45+00:002025-02-03T14:21:45+00:00https://github.com/OWASP/CheatSheetSeries/pull/1608Update Credential_Stuffing_Prevention_Cheat_Sheet.md2025-02-04T13:17:16+00:002025-02-04T13:17:16+00:00https://github.com/OWASP/CheatSheetSeries/pull/1610Update Password_Storage_Cheat_Sheet.md2025-02-04T13:17:03+00:002025-02-04T13:17:03+00:00https://github.com/OWASP/CheatSheetSeries/pull/1611Fix typos in multiple cheatsheets2025-02-05T09:56:44+00:002025-02-05T09:56:44+00:00https://github.com/OWASP/CheatSheetSeries/pull/1612added the drone security cheatsheet2025-02-20T13:54:33+00:002025-02-20T13:54:33+00:00https://github.com/OWASP/CheatSheetSeries/pull/1614Update XML_External_Entity_Prevention_Cheat_Sheet.md2025-02-19T14:00:09+00:002025-02-19T14:00:09+00:00https://github.com/OWASP/CheatSheetSeries/pull/1615Cookie Theft Mitigation Cheat Sheet2025-02-28T15:22:15+00:002025-02-28T15:22:15+00:00https://github.com/OWASP/CheatSheetSeries/pull/1616Minor grammar fixes to the Docker Security Cheatsheet2025-02-28T15:19:35+00:002025-02-28T15:19:35+00:00https://github.com/OWASP/CheatSheetSeries/pull/1617Tweak ZAP references2025-02-25T14:51:34+00:002025-02-25T14:51:34+00:00https://github.com/OWASP/CheatSheetSeries/pull/1618PR for issue#14582025-02-26T21:02:21+00:002025-02-26T21:02:21+00:00https://github.com/OWASP/CheatSheetSeries/pull/1619move Cookie Theft Mitigation from cheatsheet_draft/ to cheatsheet/2025-02-28T20:12:13+00:002025-02-28T20:12:13+00:00https://github.com/OWASP/CheatSheetSeries/pull/1621docs(django): Remove unsupported setting2025-03-06T00:42:45+00:002025-03-06T00:42:45+00:00https://github.com/OWASP/CheatSheetSeries/pull/1622Fixing problems with inconsistent log rules2025-03-06T13:50:02+00:002025-03-06T13:50:02+00:00https://github.com/OWASP/CheatSheetSeries/pull/1624Removed dead link in NodeJS Docker Cheat Sheet2025-03-10T13:44:29+00:002025-03-10T13:44:29+00:00https://github.com/OWASP/CheatSheetSeries/pull/1626Rename Drone Security Cheat Sheet2025-03-11T20:35:58+00:002025-03-11T20:35:58+00:00https://github.com/OWASP/CheatSheetSeries/pull/1628Optimise Dockerfile for build cache2025-03-26T15:32:15+00:002025-03-26T15:32:15+00:00https://github.com/OWASP/CheatSheetSeries/pull/1630Update Browser Extension Security Cheat Sheet2025-04-10T08:41:34+00:002025-04-10T08:41:34+00:00https://github.com/OWASP/CheatSheetSeries/pull/1632Fix false positive/negative error in Cookie Theft Mitigation2025-04-11T22:50:10+00:002025-04-11T22:50:10+00:00https://github.com/OWASP/CheatSheetSeries/pull/1633Broke into general log use cases + security use cases.2025-03-26T15:31:14+00:002025-03-26T15:31:14+00:00https://github.com/OWASP/CheatSheetSeries/pull/1634Add HMAC validation pseudocode.2025-04-22T13:39:35+00:002025-04-22T13:39:35+00:00https://github.com/OWASP/CheatSheetSeries/pull/1635Use the correct article in front of the XSS abbreviation2025-03-26T15:29:16+00:002025-03-26T15:29:16+00:00https://github.com/OWASP/CheatSheetSeries/pull/1637Update Authentication_Cheat_Sheet.md2025-04-01T12:00:59+00:002025-04-01T12:00:59+00:00https://github.com/OWASP/CheatSheetSeries/pull/1638Rework text and add some content that was removed from ASVS.2025-04-08T22:32:02+00:002025-04-08T22:32:02+00:00https://github.com/OWASP/CheatSheetSeries/pull/1639Remove link that no longer contains information2025-04-08T22:32:34+00:002025-04-08T22:32:34+00:00https://github.com/OWASP/CheatSheetSeries/pull/1640Fix incorrect use of false positives/negatives in Cookie Theft Mitigation (Fixes #1631)2025-04-08T16:42:47+00:002025-04-08T16:42:47+00:00https://github.com/OWASP/CheatSheetSeries/pull/1642Update Session_Management_Cheat_Sheet.md2025-04-11T22:49:34+00:002025-04-11T22:49:34+00:00https://github.com/OWASP/CheatSheetSeries/pull/1643Update Bean_Validation_Cheat_Sheet.md2025-04-14T14:21:16+00:002025-04-14T14:21:16+00:00https://github.com/OWASP/CheatSheetSeries/pull/1644Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet - issue 15352025-04-15T12:43:50+00:002025-04-15T12:43:50+00:00https://github.com/OWASP/CheatSheetSeries/pull/1645Update Session Management Cheat Sheet: use Cache-Control: no-store2025-04-14T14:28:06+00:002025-04-14T14:28:06+00:00https://github.com/OWASP/CheatSheetSeries/pull/1647Update Authentication_Cheat_Sheet.md2025-04-17T14:55:45+00:002025-04-17T14:55:45+00:00https://github.com/OWASP/CheatSheetSeries/pull/1648Spelling error fix on XXE cheat sheet under dot net. 2025-04-22T13:41:21+00:002025-04-22T13:41:21+00:00https://github.com/OWASP/CheatSheetSeries/pull/1649fix: missing spell of a filename2025-04-22T19:53:57+00:002025-04-22T19:53:57+00:00https://github.com/OWASP/CheatSheetSeries/pull/1650Promote @szh and @kwwall to project leaders2025-04-22T20:22:08+00:00jmanicohttps://github.com/jmanico2025-04-22T20:22:08+00:00https://github.com/OWASP/CheatSheetSeries/pull/1651Update recommendation about safe strings in Django templates2025-04-23T15:53:07+00:002025-04-23T15:53:07+00:00https://github.com/OWASP/CheatSheetSeries/pull/1652XSS_Filter_Evasion_Cheat_Sheet: Fix Markdown link syntax2025-04-24T15:25:12+00:002025-04-24T15:25:12+00:00https://github.com/OWASP/CheatSheetSeries/pull/1653Update links to Django docs2025-04-29T13:22:55+00:002025-04-29T13:22:55+00:00https://github.com/OWASP/CheatSheetSeries/pull/1654Move @kwwall to Core Team at his request2025-04-30T17:47:39+00:002025-04-30T17:47:39+00:00https://github.com/OWASP/CheatSheetSeries/pull/1656Update Kubernetes_Security_Cheat_Sheet.md2025-05-01T17:36:59+00:002025-05-01T17:36:59+00:00https://github.com/OWASP/CheatSheetSeries/pull/1657Add some content on adaptive auth2025-05-19T11:20:36+00:002025-05-19T11:20:36+00:00https://github.com/OWASP/CheatSheetSeries/pull/1661Logging vocab updates2025-05-06T19:53:28+00:002025-05-06T19:53:28+00:00https://github.com/OWASP/CheatSheetSeries/pull/1662Migrate to new datetime API2025-05-06T19:56:17+00:002025-05-06T19:56:17+00:00https://github.com/OWASP/CheatSheetSeries/pull/1664add recommendations on hardware backed security & attestation checks2025-05-19T19:38:47+00:002025-05-19T19:38:47+00:00https://github.com/OWASP/CheatSheetSeries/pull/1666remove IE references2025-05-19T11:19:14+00:002025-05-19T11:19:14+00:00https://github.com/OWASP/CheatSheetSeries/pull/1671Add updates to CSRF Prevention in modern frameworks2025-05-20T13:15:20+00:002025-05-20T13:15:20+00:00https://github.com/OWASP/CheatSheetSeries/pull/1672clarify vulnerabilities of naive double-submit and emphasize required session binding2025-05-26T13:54:35+00:002025-05-26T13:54:35+00:00https://github.com/OWASP/CheatSheetSeries/pull/1673standardize csrf header name2025-06-10T13:14:15+00:002025-06-10T13:14:15+00:00https://github.com/OWASP/CheatSheetSeries/pull/1674update javascript examples2025-05-26T13:52:23+00:002025-05-26T13:52:23+00:00https://github.com/OWASP/CheatSheetSeries/pull/1675add typescript example2025-06-10T13:13:42+00:002025-06-10T13:13:42+00:00https://github.com/OWASP/CheatSheetSeries/pull/1676docs: fixing grammar on authorization cheat sheet2025-05-23T08:01:21+00:002025-05-23T08:01:21+00:00https://github.com/OWASP/CheatSheetSeries/pull/1677change outdated information2025-05-26T13:49:28+00:002025-05-26T13:49:28+00:00https://github.com/OWASP/CheatSheetSeries/pull/1678add llm prompt injection cheatsheet2025-05-26T13:48:24+00:002025-05-26T13:48:24+00:00https://github.com/OWASP/CheatSheetSeries/pull/1680docs: fix grammar and clarify JWT token replay prevention strategy2025-05-26T13:45:10+00:002025-05-26T13:45:10+00:00https://github.com/OWASP/CheatSheetSeries/pull/1681rename fundamental to common2025-05-29T17:47:40+00:002025-05-29T17:47:40+00:00https://github.com/OWASP/CheatSheetSeries/pull/1682add Typoglycemia & BoN techniques2025-06-03T20:13:28+00:002025-06-03T20:13:28+00:00https://github.com/OWASP/CheatSheetSeries/pull/1684Enhance SAXBuilder's XXE fix by disabling external DTDs2025-06-04T08:12:33+00:002025-06-04T08:12:33+00:00https://github.com/OWASP/CheatSheetSeries/pull/1685add ZTA cheatsheet2025-06-11T12:51:43+00:002025-06-11T12:51:43+00:00https://github.com/OWASP/CheatSheetSeries/pull/1687Adaptive auth section2025-06-11T18:59:36+00:002025-06-11T18:59:36+00:00https://github.com/OWASP/CheatSheetSeries/pull/1688Bump requests from 2.32.3 to 2.32.42025-06-11T12:52:44+00:002025-06-11T12:52:44+00:00https://github.com/OWASP/CheatSheetSeries/pull/1689Bump jinja2 from 3.1.4 to 3.1.62025-06-11T12:52:21+00:002025-06-11T12:52:21+00:00https://github.com/OWASP/CheatSheetSeries/pull/1692Add guidance for reauthentication after risk events2025-06-12T18:48:59+00:002025-06-12T18:48:59+00:00https://github.com/OWASP/CheatSheetSeries/pull/1695Feature/image for drone security cheat sheet2025-06-17T15:34:19+00:002025-06-17T15:34:19+00:00https://github.com/OWASP/CheatSheetSeries/pull/1699Update dependencies; fix lint errors2025-06-17T15:58:36+00:00szhhttps://github.com/szh2025-06-17T15:58:36+00:00https://github.com/OWASP/CheatSheetSeries/pull/1700Small typo fix2025-06-20T14:47:16+00:002025-06-20T14:47:16+00:00https://github.com/OWASP/CheatSheetSeries/pull/1702Fix links in Network_Segmentation_Cheat_Sheet2025-06-20T14:48:09+00:002025-06-20T14:48:09+00:00https://github.com/OWASP/CheatSheetSeries/pull/1706Fix typo in XSS cheatsheet2025-06-20T13:29:34+00:002025-06-20T13:29:34+00:00https://github.com/OWASP/CheatSheetSeries/pull/1707Update the CSP cheatsheet to remove redundant wording2025-06-20T13:30:41+00:002025-06-20T13:30:41+00:00https://github.com/OWASP/CheatSheetSeries/pull/1708Fix typos, grammar, and styling in AJAX Security Cheat Sheet2025-06-20T14:49:36+00:002025-06-20T14:49:36+00:00https://github.com/OWASP/CheatSheetSeries/pull/1711Update Threat_Modeling_Cheat_Sheet.md2025-06-24T13:38:42+00:002025-06-24T13:38:42+00:00https://github.com/OWASP/CheatSheetSeries/pull/1712Update: Add section of DOM skimming to browser extension vuln CS2025-06-24T13:22:24+00:002025-06-24T13:22:24+00:00https://github.com/OWASP/CheatSheetSeries/pull/1715Update: mention `openOrClosedShadowRoot` in browser extension vuln CS2025-07-16T17:25:48+00:002025-07-16T17:25:48+00:00https://github.com/OWASP/CheatSheetSeries/pull/1717add gRPC_Security_Cheat_Sheet.md2025-07-25T07:08:48+00:002025-07-25T07:08:48+00:00https://github.com/OWASP/CheatSheetSeries/pull/1718Update: Add section of Prototype-based skimming to browser extension vuln CS2025-07-25T17:00:38+00:002025-07-25T17:00:38+00:00https://github.com/OWASP/CheatSheetSeries/pull/1720docs: fix grammar, spelling and styling in Authentication Cheat Sheet2025-07-03T13:27:59+00:002025-07-03T13:27:59+00:00https://github.com/OWASP/CheatSheetSeries/pull/1721docs(authentication): update asvs v5 password security requirement link reference2025-07-03T13:28:10+00:002025-07-03T13:28:10+00:00https://github.com/OWASP/CheatSheetSeries/pull/1724Update: Input Validation Cheat Sheet2025-07-03T13:27:42+00:002025-07-03T13:27:42+00:00https://github.com/OWASP/CheatSheetSeries/pull/1726Update: Added rate limiting section to Laravel cheat sheet2025-07-23T15:55:39+00:002025-07-23T15:55:39+00:00https://github.com/OWASP/CheatSheetSeries/pull/1727Add project security policy SECURITY.md2025-07-08T13:00:26+00:002025-07-08T13:00:26+00:00https://github.com/OWASP/CheatSheetSeries/pull/1729docs(ajax security): update 'innerHTML' guide #17282025-07-25T13:38:40+00:002025-07-25T13:38:40+00:00https://github.com/OWASP/CheatSheetSeries/pull/1730Add peppering strategies to Password Storage Cheat Sheet (#1683)2025-07-14T13:33:55+00:002025-07-14T13:33:55+00:00https://github.com/OWASP/CheatSheetSeries/pull/1731References to SecureString and GuardedString removed from Secret Mgmt CS2025-07-21T12:59:29+00:002025-07-21T12:59:29+00:00https://github.com/OWASP/CheatSheetSeries/pull/1734Rewrite a few awkward phrases2025-07-24T19:03:05+00:002025-07-24T19:03:05+00:00https://github.com/OWASP/CheatSheetSeries/pull/1736Add Permissions section to Node.js Security Cheat Sheet2025-07-25T06:58:27+00:002025-07-25T06:58:27+00:00https://github.com/OWASP/CheatSheetSeries/pull/1737Fix: Converted hardcoded GitHub links to relative paths (#1703)2025-07-25T17:27:11+00:002025-07-25T17:27:11+00:00