Security Testing Manuals

Creating software is hard. Testing security risks even harder. So make use of good open testing guides.

OWASP Application Security Verification Standard

The standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deploynent, serverless, and configuration concerns. See the latest version on the git repository: Or download the PDF from the project main page:

OWASP Mobile Security Testing Guide

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering. See: