Skip to content

Tom Fieber (@pawpawhacks)

Index

tomfieber/tomfieber.github.io

General Checks
Resources

Tom Fieber (@pawpawhacks)

tomfieber/tomfieber.github.io

General Checks
Resources
Resources
- Methodology
  Methodology
  - OWASP WSTG
    
    OWASP WSTG
  - Cheatsheets
    Cheatsheets
    
    API Testing
    
    Authentication
    
    Broken Access Control/IDOR
    
    Client-Side Path Traversal
    
    Command Injection
    
    Cross Origin Resource Sharing (CORS)
    
    Cross-Site Request Forgery (CSRF)
    
    File Uploads
    
    JSON Web Tokens (JWT)
    
    Local File Read
    
    OAuth 2.0
    
    Open redirects
    
    JavaScript Prototype Pollution
    
    Recon
    
    SQL Injection
    
    Server-Side Request Forgery (SSRF)
    
    SSTI Testing Methodology
    
    TLS Handshake
    
    XPath Injection
    
    Cross-Site Scripting (XSS)
    
    XML External Entity (XXE) Injection
- Wordlists
  Wordlists
  - General
    
    General

On this page

OWASP Web Security Testing Guide
Cheatsheets

General Checks
Resources

Index

OWASP Web Security Testing Guide

Cheatsheets

Application Programming Interface (API)
Authentication
Broken Access Control
Client-Side Path Traversal (CSPT)
Command Injection
Cross-Origin Resource Sharing (CORS)
Cross-Site Request Forgery (CSRF)
File Uploads
JSON Web Tokens (JWT)
Local File Read
OAuth
Open Redirects
JS Prototype Pollution
Recon
SQL Injection (SQLi)
Server-Side Request Forgery (SSRF)
Sever-Side Template Injection (SSTI)
TLS Handshake
XPath Injection
Cross-Site Scripting (XSS)
XML External Entity (XXE)

OWASP Web Security Testing Guide (WSTG) Checklist

Copyright © 2026 Tom Fieber

Made with Zensical