The Open Web Application Security Project (OWASP) has unveiled the 2025 edition of its flagship OWASP Top 10 2025, marking the eighth installment and introducing significant updates to address evolving software security threats.
To guide organizations, developers, and security professionals, OWASP (Open Web Application Security Project) updated the OWASP Top 10 in 2025, a list of the most relevant vulnerabilities affecting modern web applications. This new edition introduces two new categories, expands one, and renames several to better reflect current threats.
Broken access control, security misconfigurations, and software supply chain risks top the updated OWASP Top 10 for 2025. Learn what’s new and changed in the latest edition of the most popular OWASP software security document.