Welcome to the GitHub repository for the OWASP Product Security Guide. This guide aims to provide comprehensive information and best practices for securing products against various security threats.
Release 1.0 of the MSTG was published in June 2018. You can get intermediate builds in multiple formats. Get the e-book. The book is available for free, but you can choose to purchase it at a ...
Piling on guardrails is the sign of a system permanently compensating for its own unreliability. There’s a better approach.
Shannon Lite, the autonomous white-box penetration testing tool built by San Francisco-based Keygraph, shipped version 1.2.0 ...
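“The system was clearly security-scanned before going live, so why did attackers still breach it so easily?” “The development team swore the code was fine, yet it turned out to be riddled with vulnerabilities, so who is responsible for security?” This is the real dilemma many enterprises face when building out software security.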