OWASP Top 10 2025 Released: Major Revisions and Two New Security Classes Added
gbhackers

The Open Web Application Security Project (OWASP) has officially unveiled the eighth edition of its influential Top 10 security risks list for 2025, introducing significant changes that reflect the evolving landscape of application security threats.
The update features two new security categories and substantial shifts in risk rankings based on contributed data and community feedback.
Significant Additions to the List
The 2025 edition introduces Software Supply Chain Failures as a critical new category at position A03.

| Rank | Category | CWEs | Prevalence |
|---|---|---|---|
| A01 | Broken Access Control | 40 | 3.73% |
| A02 | Security Misconfiguration | 16 | 3.00% |
| A03 | Software Supply Chain Failures | 5 | Low |
| A04 | Cryptographic Failures | 32 | 3.80% |
| A05 | Injection | 38 | High |
| A06 | Insecure Design | 36 | Moderate |
| A07 | Authentication Failures | 36 | Moderate |
| A08 | Software or Data Integrity Failures | 5 | Moderate |
| A09 | Logging & Alerting Failures | 5 | Moderate |
| A10 | Mishandling of Exceptional Conditions | 24 | New |

This represents an expanded focus from the previous ...
Copyright of this story solely belongs to gbhackers.

