OWASP Web Security Testing Guide (WSTG) is the premier cybersecurity testing resource for web application developers and security professionals. However, navigating the guide, finding practical exploit payloads, and using it across different languages can be time-consuming.
WSTG Plus solves this by taking the core OWASP WSTG and significantly upgrading it. It maps every single WSTG vulnerability to practical exploit resources (like HackTricks and PortSwigger Web Security Academy) and provides ready-to-use, comprehensive checklists in 19 different languages.
-
Multi-Language Support: Ready-to-use checklists available in 19 languages.
-
Resource Enrichment: Every WSTG test ID is contextually mapped to:
- Official OWASP Documentation
- HackTricks Wiki & Payloads
- PortSwigger Web Security Academy Labs
- PayloadsAllTheThings
-
Clean Formats: Checklists are available in both single-page Markdown format and beautifully formatted PDF.
-
Actionable & Structured Scenarios: Replaces generic, vague checks with precise, scenario-based multiple-choice questions to ensure consistent penetration testing execution.
Example:
### Are identifying strings present in the HTTP response headers? - [ ] No — `Server` and `X-Powered-By` headers are **not present** or contain generic values - [ ] Yes — headers reveal server software but **not** specific version numbers - [ ] Yes — headers reveal specific server software and **exact** version numbers
| Language | Code | Full Markdown | Full PDF | Language Folder |
|---|---|---|---|---|
| Arabic | ar |
View Markdown | Download PDF | Folder |
| Bengali | bn |
View Markdown | Download PDF | Folder |
| Chinese | zh |
View Markdown | Download PDF | Folder |
| Dutch | nl |
View Markdown | Download PDF | Folder |
| English | en |
View Markdown | Download PDF | Folder |
| French | fr |
View Markdown | Download PDF | Folder |
| German | de |
View Markdown | Download PDF | Folder |
| Hindi | hi |
View Markdown | Download PDF | Folder |
| Indonesian | id |
View Markdown | Download PDF | Folder |
| Italian | it |
View Markdown | Download PDF | Folder |
| Japanese | ja |
View Markdown | Download PDF | Folder |
| Korean | ko |
View Markdown | Download PDF | Folder |
| Persian | fa |
View Markdown | Download PDF | Folder |
| Polish | pl |
View Markdown | Download PDF | Folder |
| Portuguese | pt |
View Markdown | Download PDF | Folder |
| Russian | ru |
View Markdown | Download PDF | Folder |
| Spanish | es |
View Markdown | Download PDF | Folder |
| Turkish | tr |
View Markdown | Download PDF | Folder |
| Urdu | ur |
View Markdown | Download PDF | Folder |
This repository focuses purely on delivering the final, compiled checklists for ease of use.
full-mds/: Contains the full single-page Markdown file for each language.full-pdfs/: Contains the printable, paginated PDF format for each language.translations/: Contains specific translation files and components for each language.
Contributions, issues, and feature requests are welcome! If you find any translations that need improvement or missing resource links, feel free to submit an issue or pull request.
This project is inspired by and builds upon the OWASP Web Security Testing Guide.