Extremely detailed, prescriptive test cases for web applications - Regularly updated by a large community of contributors - Directly maps to the OWASP Top 10 and ASVS - Tool-agnostic: describes techniques rather than prescribing specific tools - Free and open source