Skip to content
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Branch: master
Clone or download
Latest commit fed05ee Mar 23, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Prepare night build of the offline website using CircleCI Feb 9, 2019
.github Add PR build link Feb 8, 2019
assets Migrate Transport Layer protection CS Feb 9, 2019
cheatsheets Fix #50 Mar 23, 2019
cheatsheets_excluded Add file to keep folders Feb 17, 2019
scripts Add ASVS Index to offline site Mar 2, 2019
templates Unify all files name Dec 29, 2018
.gitignore Finalize the script to generate the offline website. Feb 3, 2019
.markdownlinkcheck.json Add a script to identify dead links in released CS Jan 7, 2019
.markdownlint.json Add VSCode workspace file and add MD linter policy to use in VSCode Dec 28, 2018
.travis.yml Add the generation of the offline website to the build in order to va… Feb 9, 2019 Create Feb 16, 2019 Fixing typo note Mar 21, 2019 Update index alphabetical Mar 8, 2019 Add Docker CS to the adequate sections of the ASVS. Mar 9, 2019 Add LICENSE ref. Feb 16, 2019 Start work on the generation of the offline site Feb 2, 2019
Project.code-workspace Add info about keyword search. Mar 14, 2019
book.json Finalize the script to generate the offline website. Feb 3, 2019

CSCounterBadge LicenseBadge PushAndPullRequestIntegrityCheck OfflineWebsiteNightBuild


Welcome to OWASP Cheat Sheet Series V2

This repository contains all the cheat sheets of the project and represent the V2 of the OWASP Cheat Sheet Series project.

Table of Contents

Cheat Sheets index

The following indexes are provided:

  • This index reference all released cheat sheets sorted alphabetically.
    • This index is automatically generated by this script.
  • This index reference all released cheat sheets using the OWASP ASVS project as reading source.
    • This index is manually managed in order to allow contribution along custom content.

You can also search into this repository using a keywords via this URL:[KEYWORDS]


More information about the GitHub search feature can be found here.

Project leaders

Project logo

Project's official logo files are hosted here.



  • Contains the cheat sheets markdown files converted with PANDOC and for which a discussion must be made in order to decide if we include them into the V2 of the project due to the content has not been updated since a long time or is not relevant anymore. See this open discussion.


  • Contains the final cheat sheets files.
  • Any .md file present into this folder is considered released.


  • Contains the assets used by the cheat sheets (images, pdf, zip...).
    • Use PNG format for the images.


  • Contains all the utility scripts used to operate the project (markdown linter audit, dead link identification...).


  • Contains templates used for different kinds of files (cheatsheet...).


  • Contains materials used to configure different behaviors of GitHub.

.circleci / .travis.yml (file):

  • Contains the definition of the integration jobs used to control the integrity and consistency of the whole project:
    • TravisCI is used to perform build and check actions at each Push or on each Pull Request.
    • CircleCI is used to perform regular scheduled build and check actions (night build).

Offline website

Unfortunately, a PDF file generation is not possible because the content is cut in some cheat sheets like for example the abuse case one.

However, to propose the possibility the consult, in a full offline mode, the collection of all cheat sheets, a script to generate a offline site using GitBook has been created. The script is here.

  • book.json: Gitbook configuration file.
  • Project preface description applied on the generated site.

Automated night build

This link provide the url where to download a night build of the offline website:

[ {
  "path" : "",
  "pretty_path" : "",
  "node_index" : 0,
  "url" : ""
} ]

The attribute url must be used to download the ZIP archive.

Manual build

Use the commands below to generate the site:

# Your python version must be >= 3.5
$ python --version
Python 3.5.3
# Dependencies:
#  sudo apt install -y nodejs
#  sudo npm install gitbook-cli -g
$ cd scripts
$ bash
Generate a offline portable website with all the cheat sheets...
Step 1/5: Init work folder.
Step 2/5: Generate the summary markdown page.
Index updated.
Summary markdown page generated.
Step 3/5: Create the expected GitBook folder structure.
Step 4/5: Generate the site.
info: found 45 pages
info: found 86 asset files
info: >> generation finished with success in 14.2s !
Step 5/5: Cleanup.
Generation finished to the folder: ../generated/site
$ cd ../generated/site/
$ ls -l
drwxr-xr-x 1 Feb  3 11:05 assets
drwxr-xr-x 1 Feb  3 11:05 cheatsheets
drwxr-xr-x 1 Feb  3 11:05 gitbook
-rw-r--r-- 1 Feb  3 11:05 index.html
-rw-r--r-- 1 Feb  3 11:05 search_index.json

Conversion rules

  • Use the markdown syntax described in this guide.
  • Use this sheet for Superscript and Subscript characters.
  • Use this sheet for Arrows (left, right, top, down) characters.
  • Store all assets in the assets folder and use the following syntax:
    • ![ALTERNATE_NAME](../assets/ASSET_NAME.png) for the insertion of an image. Use PNG format for the images (this software can be used to handle format conversion).
    • [ALTERNATE_NAME](../assets/ASSET_NAME.EXT) for the insertion of other kinds of media (pdf, zip...).
  • Use ATX style (# syntax) for section head.
  • Use **bold** syntax for bold text.
  • Use *italic* syntax for italic text.
  • Use TAB for nested lists and not spaces.
  • Use code fencing syntax along syntax highlighting for code snippet (prevent when possible horizontal scrollbar).
  • If you use {{ or }} pattern in code fencing then add a space between the both curly braces (ex: { {) otherwise it break GitBook generation process.
  • Same remark about the cheat sheet file name, only the following syntax is allowed: [a-zA-Z_]+.
  • No HTML code is allowed, only markdown syntax is allowed!
  • Use this site for generation of tables.
  • Use a single new line between a section head and the beginning of its content.

Editor & validation policy

Visual Studio Code is used for the work on the markdown files. It is also used for the work on the scripts.

The file Project.code-workspace is the workspace file in order to open the project in VSCode.

The following plugin is used to validate the markdown content.

The file .markdownlint.json define the central validation policy applied at VSCode (IDE) and TravisCI (CI) levels.

Details about rules is here.

The file .markdownlinkcheck.json define the configuration used to validate using this tool, at TravisCI level, all web and relatives links used in cheat sheets.

How to setup my contributor environment?

See here.

How to contribute?

See here.

Special thanks

A special thanks you to the following peoples for the help provided during the migration:

  • ThunderSon: Deeply help about updating the OWASP wiki links for all the migrated cheat sheets.
  • mackowski: Deeply help about updating the OWASP wiki links for all the migrated cheat sheets.


See here.

You can’t perform that action at this time.