
“Broken Access Control Remains the Leading Threat in Top 10 App Security Vulnerabilities” • The Register

Broken access control still tops list of app sec top 10 • The Register

The Open Worldwide Application Security Project (OWASP) has released its updated Top 10 Application Risks for 2025, marking its first update since 2021. Broken access control remains the leading risk, followed closely by security misconfiguration and software supply chain vulnerabilities. This data-driven list aims to help organizations prioritize security measures and is based on extensive data collected from organizations and surveys. Notable changes include the introduction of a new category for software supply chain failures, which replaces “vulnerable and outdated components,” and the merging of server-side request forgery (SSRF) with broken access control. Injection threats have dropped to fifth position due to extensive testing. Additionally, the category for “mishandling of exceptional conditions” was added based on community feedback. Experts stress the importance of secure coding practices, as existing security measures have shown little improvement despite increased identification of issues. The OWASP list emphasizes the need for proactive security in application development.
