The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.

The update was presented at the organization's Global AppSec USA event. The list is final but the official write-up is in preview, according to OWASP Top 10 co-leads Neil Smithline and Tanya Janca.

The top 10, they said, is "a data-driven awareness document to help organizations prioritize." It is based on data from organizations and survey respondents.

Changes between the 2021 and 2025 OWASP top 10 application risks

The categories are inevitably imprecise and have been updat

See Full Page