by markl42 1213 days ago
I’m not familiar with the work that OWASP does, other than the cheat sheet series.

The cheat sheet series is amazing - a great resource to defer to when you don’t know or want to think about how to do <x>, you just want to look up and implement the industry standard.

It’s a great reference, and I use it a lot. <3 to the folks working on that :)


The main cheat sheet I’ve looked closely at is the XSS one, and it’s never been better than mediocre, with (for over a decade, despite it being known about; only recently has it been redone to be tolerable, though still not excellent) awful framing, grossly misleading structure (seriously, almost every citation I’ve seen of it has misapplied it because of this), irrelevant and excessive content in some areas and critical missing content in other areas.

Therefore my recommendation is: use it for general awareness, perhaps, but do not trust it. Because there probably isn’t anyone really working on it—you’re probably actually looking at something that was written well over 10 years ago by an amateur, and has received almost no maintenance since then.

Can you recommend a good substitute for the Cheatsheets?