OWASP Web Security Testing Guide v4.2 released

Announcing the release of a new version of the OWASP WSTG.

cybersecurity   open-source  

I’m very happy and proud to share that the Open Web Application Security Project (OWASP) Web Security Testing Guide v4.2 is now available! This update is the result of a lot of hard work by the repository team and many dedicated contributors. With a team like this, I’m honored to be a core maintainer and co-author.

Here’s a reprint of the announcement I wrote for owasp.org. If you’re interested in security testing for web applications and APIs, this is an update you’ll definitely want to check out!

You can become a contributor yourself by joining us on GitHub!


Web Security Testing Guide v4.2 Released

Thursday, December 3, 2020

The OWASP Web Security Testing Guide team is proud to announce version 4.2 of the Web Security Testing Guide (WSTG)! In keeping with a continuous delivery mindset, this new minor version adds content as well as improves the existing tests.

In recent years, the Web Security Testing Guide has sought to remain your foremost open source resource for web application testing. Our previous release marked a move from a cumbersome wiki platform to the highly collaborative world of GitHub. Since then, over 61 new contributors pushing over 600 commits have helped to make the WSTG better than ever.

Version 4.2 of the Web Security Testing Guide introduces new testing scenarios, updates existing chapters, and offers an improved reading experience with a clearer writing style and chapter layout. Readers will enjoy easier navigation and consistent testing instructions.

With new improvements to our development workflow, new contributors will find it easier than ever to help build future versions of the WSTG. A clear and concise contributor’s guide and style guide can help you write new tests or ensure existing scenarios stay current. Core maintainers Rick Mitchell, Elie Saad, Rejah Rehim, and Victoria Drake have implemented modern processes like continuous integration with GitHub Actions. New workflows help to build PDFs and make reviewing new additions and updates easier.

We couldn’t be happier to share this new version with you, and we don’t plan to slow down anytime soon. The dedicated volunteers who’ve made this release possible are already hard at work on the next major version of the WSTG. Come join us and become a contributor!

You can read the Web Security Testing Guide v4.2 online or download a PDF on our project page. We greatly appreciate all the authors, editors, reviewers, and readers who make this open source security endeavor worthwhile.

Thank you for being a part of the WSTG!