If you want to modify something regarding the mention made to you (typo/link to your profile/etc), feel free to submit a PR with the expected content. Same approach if you think that we have forgotten someone.
Sorting applied on the name is an alphabetical one.
- Michael Eddington
- Til Mas
- Dominique Righetto - [email protected]
- James Robinson - [email protected]
- Rick Mitchell
- Adinath Raveendra Raj - [email protected]
- Jim Manico - [email protected]
- Mennouchi Islam Azeddine - [email protected]
- Shruti Kulkarni - [email protected]
Attack Surface Analysis Cheat Sheet
- Jim Bird - [email protected]
- Jim Manico - [email protected]
- Eoin Keary eoinkeary
- Jim Manico - [email protected]
- Manuel Aude Morales
- Pawel Krawczyk
- Sven Neuhaus
- Timo Goosen
Authorization Testing Automation
- Dominique Righetto - [email protected]
- Anton Abashkin - [email protected]
- Jeffrey Walton - [email protected]
- Jim Manico - [email protected]
- Kevin Wall - [email protected]
C-Based Toolchain Hardening Cheat Sheet
- Jeffrey Walton - [email protected]
- Jim Manico - [email protected]
- Kevin Wall - [email protected]
Choosing and Using Security Questions Cheat Sheet
- Kevin Wall - kevin.w.wall@gmail com
Clickjacking Defense Cheat Sheet
- Aabashkin
- Dave Wichers - [email protected]
- Eelgheez
- Jeffrey Walton
- Jim Manico - [email protected]
- Michael Brook
- Santhosh Tuppad - [email protected]
- Shruti kulkarni
- Till Maas
- Tom Parker
- Yozo
Content Security Policy Cheat Sheet
- Elie Saad - [email protected]
Credential Stuffing Prevention Cheat Sheet
- Brad Causey
Cross-Site Request Forgery Prevention Cheat Sheet
- Dave Wichers - [email protected]
- Dominique Righetto - [email protected]
- Eric Sheridan - [email protected]
- Paul Petefish
- Manideep Konakandla (Amazon Application Security Team)
Cross Site Scripting Prevention Cheat Sheet
- Jeff Williams - [email protected]
- Jim Manico - [email protected]
- Neil Mattatall - [email protected]
Cryptographic Storage Cheat Sheet
- David Rook - [email protected]
- Fred Donovan - [email protected]
- Jim Manico - [email protected]
- Kevin Kenan - [email protected]
- Kevin Wall - [email protected]
- Tony Hsu - [email protected]
DOM based XSS Prevention Cheat Sheet
- Abraham Kang - [email protected]
- Achim Hoffmann - [email protected]
- Chris (Chris BEEF) Schmidt
- Dhiraj Mishra - [email protected]
- Eduardo (SirDarkCat) Alberto Vela Nava
- Erlend Oftedal
- Gareth (Gaz) Heyes
- Jeff Williams - [email protected]
- Jeremy Long
- Jim Manico - [email protected]
- John Steven
- Mario Heiderich
- Mike Samuel
- Robert (RSnake) Hansen
- Stefano Di Paola
- Liviu Rombauts
- Stephen Corbiaux - [email protected]
- Arshan Dabirsiaghi - [email protected]
- Tony Hsu (Hsiang-Chih) Shane Murnion
- Jakub Maćkowski - [email protected]
- Bill Sempf - [email protected]
- Jeremy Long - [email protected]
- John Staveley
- Sam Ferree
- Shane Murnion
- Steve Bamelis
- Troy Hunt - [email protected]
- Xander Sherry
- Dominique Righetto - [email protected]
- Dave Ferguson - [email protected]
- James McGovern - [email protected]
- Jim Manico - [email protected]
- Kevin Wall - [email protected]
- Wesley Philip - [email protected]
- Dominique Righetto [email protected]
- Juan Galiana Lara [email protected]
- Krzysztof Kotowicz [email protected]
- Mark Roxberry [email protected]
- Shreeraj Shah [email protected]
- Will Stranathan [email protected]
HTTP Strict Transport Security Cheat Sheet
- Daniel Black
- Jim Manico
- Michael Coates
- Pawel Krawczyk
- Til Maas
Injection Prevention Cheat Sheet
- Alexander Meisel - [email protected]
- Erlend Oftedal - [email protected]
- Jim Manico - [email protected]
- Sherif Mansour - [email protected]
Injection Prevention Cheat Sheet in Java
- Dave Wichers - [email protected]
- Dominique Righetto - [email protected]
- Dave Wichers - [email protected]
Insecure Direct Object Reference Prevention Cheat Sheet
- Dominique Righetto - [email protected]
- Eric Sheridan - [email protected]
- Jeff Williams - [email protected]
- Dr. A.L. Gottlieb - [email protected]
JSON Web Token Cheat Sheet for Java
- Dominique Righetto - [email protected]
- Jim Manico - [email protected]
- Paul Ionescu - [email protected]
- Brian Russell - [email protected]
- Drew Van Duren - [email protected]
- Susanna Bezold – [email protected]
- Vanessa Amador - [email protected]
LDAP Injection Prevention Cheat Sheet
- Ben Weintraub - [email protected]
- Jim Manico - [email protected]
- Alexis Fitzgerald - [email protected]
- Colin Watson - [email protected]
- Eoin Keary - [email protected]
- Abashkin Anton - [email protected]
OS Command Injection Defense Cheat Sheet
- Jim Manico - [email protected]
- Katy Anton - [email protected]
- Abbas Naderi - [email protected]
- Achim Hoffmann - [email protected]
- Dan Ehrlich - [email protected]
- Tony Hsu HsiangChih
- Dominique Righetto - [email protected]
- Jim Manico - [email protected]
- John Steven - [email protected]
- Jeffrey Walton - [email protected]
- Jim Manico - [email protected]
- John Steven - [email protected]
- Kevin Wall - [email protected]
- Ricardo Iramar - [email protected]
Protect FileUpload Against Malicious File
- Dominique Righetto - [email protected]
Query Parameterization Cheat Sheet
- Dave Wichers - [email protected]
- Jim Manico - [email protected]
- Neil Matatal - [email protected]
- Ofer Shezaf - [email protected]
- Andrew van der Stock - [email protected]
- Erlend Oftedal - [email protected]
- Jan Wolff - [email protected]
- Johan Peeters - [email protected]
- Manh Pham - [email protected]
- Rocco Gränitz - [email protected]
- Tony Hsu Hsiang Chih- [email protected]
- Aaron Bedra - [email protected]
- Egor Homakov - [email protected]
- Jim Manico - [email protected]
- Jon Claudius - [email protected]
- Jon Rose - [email protected]
- Justin Collins - [email protected]
- Ken Johnson - [email protected]
- Lance Vaughn - [email protected]
- Matt Konda - [email protected]
- Neil Matatall - [email protected]
- Zaur Molotnikov - [email protected]
- Gunnar Peterson
- James McGovern
- Brad Broulik
- Paweł Krawczyk
SQL Injection Prevention Cheat Sheet
- Dave Wichers - [email protected]
- Dhiraj Mishra - [email protected]
- Jim Manico - [email protected]
- Matt Seil - [email protected]
Securing Cascading Style Sheets Cheat Sheet
Session Management Cheat Sheet
- Raul Siles (DinoSec) - [email protected]
- Achim Hoffmann - [email protected]
- Torsten Gigler - [email protected]
Third Party Javascript Management Cheat Sheet
- Jim Weiler - [email protected]
- Ahmed Kanoma
- Mohamed Alfateh
Transaction Authorization Cheat Sheet
- Adam Lange
- Adam Zachara, SecuRing
- Andrzej Kleśnicki, Qualys
- Francois-Eric Guyomarch, HID Global
- James Holland, HID Global
- Milan Khan, HID Global
- Steven Wierckx, Toreon
- Sven Thomassin, PwC BE - Technology Consulting
- Sławomir Jasek, SecuRing
- Wojciech Dworakowski - [email protected]
Transport Layer Protection Cheat Sheet
- Dave Wichers - [email protected]
- Michael Coates - [email protected]
- Tony Hsu - [email protected]
- Torsten Gigler - [email protected]
- Tyler Reguly - [email protected]
Unvalidated Redirects and Forwards Cheat Sheet
- Jim Manico - [email protected]
- Johanna Curiel - [email protected]
- Susanna Bezold - [email protected]
User Privacy Protection Cheat Sheet
- Mohammed ALDOUB
- Christian Folini - [email protected]
- Josh Zlatin - [email protected]
- Ryan Barnett - [email protected]
Vulnerability Disclosure Cheat Sheet
- OWASP Montréal chapter
- @el_d33
- gosecure.ca
Vulnerable Dependency Management Cheat Sheet
- Dominique Righetto - [email protected]
- Elie Saad - [email protected]
- Jakub Maćkowski - [email protected]
Web Service Security Cheat Sheet
- Dave Wichers - [email protected]
- Jim Manico - [email protected]
- Sherif Koussa - [email protected]
- Gunnar Peterson
XML External Entity Prevention Cheat Sheet
- Dave Wichers - [email protected]
- Dean Fleming
- James Jardine - [email protected]
- Tony Hsu (Hsiang-Chih)
- Xiaoran Wang - [email protected]
- Fernando Arnaboldi - [email protected]