The OWASP Top 10 list for 2025 has been updated with two new categories and a reshuffled order reflecting recent cybersecurity threats to web applications. Notably, Broken Access Control remains top, while Security Misconfiguration and Software Supply Chain Failures have climbed higher on the list.
Key points
- OWASP has released a revised Top 10 list of critical web application risks for 2025.
- Broken Access Control remains the leading risk, now including server-side request forgery (SSRF).
- Security Misconfiguration moved up to second place, replacing some categories from previous lists.
- The Software Supply Chain Failures category has expanded, highlighting broader ecosystem vulnerabilities.
- A new category, Mishandling of Exceptional Conditions, has been added to address system errors and logical flaws.
Read More: https://www.securityweek.com/two-new-web-application-risk-categories-added-to-owasp-top-10/