OWASP Top 10:2025

Welcome to the OWASP Top 10:2025 Release.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

About This Release

This is the 2025 version of the OWASP Top 10. This version includes updates based on the latest data and security trends.

Main Project Page

The main project page has information about older versions and metadata about this project.

Getting Started

Start with the Introduction to learn about what's new in the 2025 version.

Navigation

• Introduction
• About OWASP
• What are Application Security Risks?
• Establishing a Modern Application Security Program

Top 10:2025 List

1. A01:2025 - Broken Access Control
2. A02:2025 - Security Misconfiguration
3. A03:2025 - Software Supply Chain Failures
4. A04:2025 - Cryptographic Failures
5. A05:2025 - Injection
6. A06:2025 - Insecure Design
7. A07:2025 - Authentication Failures
8. A08:2025 - Software or Data Integrity Failures
9. A09:2025 - Security Logging and Alerting Failures
10. A10:2025 - Mishandling of Exceptional Conditions

---

Note: Translations will be added as they become available.