The Ten Most Critical Web Application Security Risks
The OWASP Top 10 for 2025
Welcome to the 8th installment of the OWASP Top Ten!

A huge thank you to everyone who contributed data and perspectives in the survey. Without you, this installment would not have been possible. THANK YOU!

Introducing the OWASP Top 10:2025

A01:2025 - Broken Access Control
A02:2025 - Security Misconfiguration
A03:2025 - Software Supply Chain Failures
A04:2025 - Cryptographic Failures
A05:2025 - Injection
A06:2025 - Insecure Design
A07:2025 - Authentication Failures
A08:2025 - Software or Data Integrity Failures
A09:2025 - Security Logging & Alerting Failures
A10:2025 - Mishandling of Exceptional Conditions

What's changed in the Top 10 for 2025

There are two new categories and one consolidation in the Top Ten for 2025. We’ve worked to maintain our focus on the root cause over the symptoms as much as possible. With the complexity of software engineering and software security, it’s basically impossible to create ten categories without some level of overlap. The list has two new c...