
OWASP Top 10: 2025 Edition Coming Soon

Data collection active now through December 2024

OWASP Top Ten

Understanding the most critical web application security risks and how they impact your open source software supply chain.

What is the OWASP Top Ten?

The Open Web Application Security Project (OWASP) Top Ten is a standard awareness document for developers and security professionals, representing the most critical security risks to web applications.

Updated every few years, this list helps organizations focus their security efforts on the most impactful vulnerabilities.

Why It Matters for Open Source

With up to 90% of modern applications containing open source code, these security risks extend beyond your own code to include all dependencies in your software supply chain.

Understanding these risks is essential for securing your applications and meeting compliance requirements.

Coming in 2025

OWASP Top Ten 2025 Update

OWASP is preparing to release the 2025 edition of the Top Ten in the first half of 2025, bringing the latest insights on critical web application security risks.

Data Collection Period

Now through December 2024

Release Date

First half of 2025

Changes Expected

New risk categories and revised rankings based on the current threat landscape and the data collected from contributing organizations


The OWASP Top Ten (2021)

A01:2021 - Broken Access Control

Restrictions on what authenticated users are allowed to do aren't properly enforced, allowing attackers to access functionality or data they are not authorized for.

A02:2021 - Cryptographic Failures

Sensitive data isn't properly protected, whether through missing, weak, or misused cryptography, potentially exposing it to unauthorized access in transit or at rest.

A03:2021 - Injection

User-supplied data is passed to an interpreter without proper validation, sanitization, or escaping, allowing attackers to inject malicious commands or code.

A04:2021 - Insecure Design

Security flaws exist at the design or architectural level rather than in the implementation, so the application is vulnerable by design no matter how carefully it is coded.

A05:2021 - Security Misconfiguration

Improper or default configuration of applications, frameworks, or servers (unnecessary features enabled, missing hardening, verbose error messages) exposes security vulnerabilities.

A06:2021 - Vulnerable and Outdated Components

Using libraries, frameworks, or other components with known vulnerabilities, or that are no longer maintained, lets attackers exploit those issues against your application.

A07:2021 - Identification and Authentication Failures

Weaknesses in authentication and session management allow attackers to assume other users' identities or bypass authentication entirely.

A08:2021 - Software and Data Integrity Failures

Code, updates, and CI/CD pipelines that don't verify integrity can allow malicious updates, tampered dependencies, and other supply chain attacks.

A09:2021 - Security Logging and Monitoring Failures

Insufficient logging, alerting, and monitoring prevent timely detection of attacks and security breaches, and hinder incident response and forensics afterwards.

A10:2021 - Server-Side Request Forgery

Applications fetch remote resources from user-supplied URLs without validating them, allowing attackers to make the server reach internal services that would otherwise be inaccessible.

FOSSA Helps Secure Your Software Supply Chain

FOSSA provides comprehensive vulnerability detection, deep dependency analysis, and automated policy enforcement to protect your applications from security risks in open source components.