OWASP Foundation · global

OWASP Testing Standards: pen test requirements 2026

OWASP publishes the testing guides that define modern web/mobile/API pen test methodology. Includes WSTG, MASTG, API Security Top 10, ASVS (Application Security Verification Standard).

Required

Voluntary

Region

GLOBAL

Publisher

OWASP Foundation

Applies to

Web app pen testing (WSTG)
Mobile pen testing (MASTG)
API pen testing (API Security Top 10)

Budget impact

Day count impact

OWASP-aligned testing is the baseline — most engagement quotes implicitly follow OWASP coverage

Rate impact

Neutral — does not affect day rate

Source

↗ https://owasp.org/projects/

Verified 2026-06-02.

Other standards

CREST CHECK Cyber Essentials Plus NIST SP 800-115 PCI DSS 4.0 testing