OWASP Top Ten 2025: The Latest Version Has Been Released

2025.11.21 3 min
The newest version, OWASP Top Ten 2025, was announced in November 2025 and includes the following categories: Broken Access Control, Security Misconfiguration, Software Supply Chain Failures, Cryptographic Failures, Injection, Insecure Design, Authentication Failures, Software or Data Integrity Failures, Logging & Alerting Failures, and Mishandling of Exceptional Conditions. This release updates the previous list from 2021. It adds two new categories, Software Supply Chain Failures (which broadens A06:2021 Vulnerable and Outdated Components) and Mishandling of Exceptional Conditions, and reorders and renames several of the others.
OWASP Top Ten 2025
  • A01:2025 – Broken Access Control: Restrictions on what users are allowed to do are not properly enforced, so a caller can act outside their intended permissions, for example by reading or modifying another user's records.
  • A02:2025 – Security Misconfiguration: Security settings are either not configured correctly or are left at their default values.
  • A03:2025 – Software Supply Chain Failures: Issues arising from the components and third-party libraries used in the development of an application.
  • A04:2025 – Cryptographic Failures: Failures related to cryptography, such as the use of weak or broken algorithms or improper key management.
  • A05:2025 – Injection: Vulnerabilities that can occur when an application passes untrusted data to an interpreter.
  • A06:2025 – Insecure Design: Flaws in the fundamental design and architecture of the application.
  • A07:2025 – Authentication Failures: Flaws in the implementation of authentication, such as weak password policies or insecure session management.
  • A08:2025 – Software or Data Integrity Failures: Issues related to the verification of the integrity of software updates, critical data, and CI/CD pipelines.
  • A09:2025 – Logging & Alerting Failures: Insufficient logging and monitoring of security-relevant events, which can lead to delays in detecting or responding to attacks.
  • A10:2025 – Mishandling of Exceptional Conditions: Failure to handle exceptions and error conditions properly, which can lead to information leakage or denial of service.
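As an added illustration of the A01 category (example code written for this post, not taken from OWASP or any referenced project), the block below contrasts an insecure direct object reference with a handler that enforces object-level authorisation. The users, documents, roles and the `Forbidden`/`NotFound` exceptions are all constructed here for the example and are not part of the OWASP list.

```python
"""Added example: A01:2025 Broken Access Control.

A minimal in-memory "documents" API shows an insecure direct object
reference (IDOR) next to a handler that checks authorisation on every
access and denies by default. All users, documents and ids below are
constructed sample data for the example.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


class NotFound(Exception):
    """Raised when the requested object does not exist (or is hidden)."""


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: str
    body: str


# Constructed sample data: two owners and one user with an auditor role.
ALICE = User("alice")
BOB = User("bob")
AUDITOR = User("carol", frozenset({"auditor"}))

DOCUMENTS = {
    1: Document(1, "alice", "alice's tax return"),
    2: Document(2, "bob", "bob's medical record"),
}


def get_document_vulnerable(user: User, doc_id: int) -> Document:
    """Vulnerable: authenticated, but never authorised.

    The only check is that a session exists. Any logged-in user can read
    any document simply by guessing its id, the classic A01 failure.
    """
    if user is None:
        raise Forbidden("login required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc


def can_read(user: User, doc: Document) -> bool:
    """Deny-by-default policy: only the owner or an 'auditor' may read."""
    if user is None:
        return False
    if doc.owner_id == user.user_id:
        return True
    if "auditor" in user.roles:
        return True
    return False


def get_document(user: User, doc_id: int) -> Document:
    """Hardened: object-level authorisation on every access.

    The ownership/role check runs server-side against the stored record,
    so the decision uses trusted data rather than anything the client
    supplied. An unauthorised request is answered exactly like a missing
    document, so the endpoint cannot be used to enumerate valid ids.
    """
    if user is None:
        raise Forbidden("login required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or not can_read(user, doc):
        raise NotFound(doc_id)
    return doc


def demo() -> dict:
    """Exercise both handlers and report who each one lets read what."""
    results = {}
    # IDOR: Bob reads Alice's document through the vulnerable handler.
    results["vulnerable_bob_reads_alice"] = get_document_vulnerable(BOB, 1).owner_id
    try:
        get_document(BOB, 1)
        results["hardened_bob_reads_alice"] = "allowed"
    except NotFound:
        results["hardened_bob_reads_alice"] = "denied"
    results["hardened_bob_reads_own"] = get_document(BOB, 2).owner_id
    results["hardened_auditor_reads_alice"] = get_document(AUDITOR, 1).owner_id
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The important design point is that the hardened handler makes the authorisation decision from the record it loaded, not from a client-controlled claim of ownership, and that the policy function returns `False` unless a rule explicitly grants access.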
