OWASP
New CS proposal: How To Make A CheatSheet
What is the proposed CheatSheet about?
While working on Agentic Cheat Sheet effort with the team I realized we don't have a standardized framework for Cheat Sheets. So I analyzed all the Cheat Sheets and came up with a framework.
What is the objective of the Cheat Sheet?
Create a standardized framework for all Cheat Sheets.
I have the framework in google doc for reference.
Github reference.
I'd like to get this on the homepage of the project or somewhere else prominent.
Any suggestions @szh @mackowski :)
I like the idea ❤️ Thanks, @packtman, for raising this issue!
I’m not a fan of several points in the current reference. Some of them are very good, but not all. It would need a careful review before we can push it.
It also looks to me like most of it might have been created by an LLM (or at least I got a very similar output using GPT). This is not a problem, but if that’s the case, please share the prompt and model used. That way, we can improve the prompt before making “human” adjustments to the text. It would also increase transparency for our community.
I believe all of the existing cheatsheets were added to a LLM to see what is common about them to make this guide. Pretty solid content for a 2025 LLM! :)
Exactly, I downloaded all the cheat sheets and then ran an analysis using cursor to look for consistent/common patterns across all cheat sheets. Here's the slack reference where I made a post about it https://owasp.slack.com/archives/C073YNUQG/p1754333808933989
If you would like more info/breakdown on how this was done more than happy to share all the details.
I spent one week on ensuring the content looks good and it's not hallucinated data/output. It should be peer reviewed for sure to look for any gaps. Thus, I have the Google doc for reference and can open it up for comments. If I were to do this manually, it would have taken me months so AI is really helpful in this context.
Also, this idea of data analysis wasn't originally done for cheat sheets. I started with analyzing a threat modeling repo which has around 200 threat models https://owasp.slack.com/archives/C1CS3C6AF/p1753035888150399
A good start if we want to keep it absolutely simple and prescriptive will be Section 7.1 https://github.com/packtman/guideline/blob/main/cheatsheet.md#71-basic-cheat-sheet-template
I think PR will be better for review. I would put it in the root directory with the name GUIDELINE.md and add a references to it from README.md and CONTRIBUTING.md Probably you can even think how to change CONTRIBUTING.md :-) @jmanico @szh what do you think?
Another guide can be: how to create or improve cheatsheets using llm. It would contain basic prompt that is getting this guide + cheatsheet + verified secure content as a context. But I guess it would be a neew issue. But with such guide it will be easier to feed llm with rules about style etc.
I am very flexile here and like your suggestions @mackowski - my only goal is not to lose this and make it prominent somewhere. This is a great "first guide" for someone who wants to contribute! :)
I will start working on the PR by end of the week, bit busy with regular work this week.
FYI, the MCP cheatsheet team has started exploring their cheatsheet per template (parts of it according to the need) MCP_cheatsheet
@mackowski do you want the entire thing in the PR or just the basic template to start with?
This is a fantastic initiative @packtman - having a standardized framework will definitely make future Cheat Sheets more consistent and contributor-friendly.
I also like @mackowski’s idea of putting it in the root as GUIDELINE.md and linking it from README.md and CONTRIBUTING.md. That way, it’s visible both to new contributors and experienced maintainers.
Happy to help review the PR once you push it - especially to check for clarity and alignment with the style of existing Cheat Sheets.
