Security Testing Manuals

Creating software is hard. Testing security risks even harder. So make use of good open testing guides.

OWASP Application Security Verification Standard

The standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deploynent, serverless, and configuration concerns. See the latest version on the git repository: https://github.com/OWASP/ASVS/tree/v4.0.1 Or download the PDF from the project main page: https://owasp.org/www-project-application-security-verification-standard/

OWASP Mobile Security Testing Guide

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering. See: https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x03-overview