OWASP Web Security Testing Guide (WSTG)

Hello Friends,

After reading some of the content of WSTG, I got curious about whether some organizations are utilizing it as a reference or not. It’s a comprehensive guide that shows how to implement security testing as part of their SDLC.
Have you ever heard about orgs using it?

I’ve seen parts of it implemented, and worked on implementing it myself. It was a while ago, but much of the content applies to any SDLC. My current employer already has their own security testing strategy, so less relevant to me now. But it would be my fallback to any company that didn’t have any strategy or approaches to security documented.

Thank you for replying @danielbilling. I’ve been working with Testing for a while and executed some security testing while testing APIs before. That’s when I decided to learn more about security and started to study this guide - which I thought very insightful and straightforward - when it converts theory into practical application. It is good to know that people are adopting it (especially when compared with other documentation that is presented and never used).

Happy to have a chat any time to discuss our experiences and learning. There are a lot of great resources on security out there, just not many folks in testing who have implemented. There is some security content coming to MOT soon that might prove useful.

That’s great. I’ve noticed that most testing positions out there don’t even mention security testing in their descriptions - curious to see when that is going to start changing. I remember reading in the WSTG that since there is not enough security personnel to fill all demand (this is well known at this point), testing people should be brought in to test security. It might answer a question I asked myself when I started looking more into security: Do I need to give up testing to assume a security role in order to work in the field? What are your thoughts here?