The 2025 OWASP Top 10 edition marks a significant update by introducing two new categories, focusing on Software Supply Chain Failures and Mishandling of Exceptional Conditions. This revision is based on extensive community input and updated data analysis, integrating feedback from over 175,000 CVEs mapped to 643 CWEs. The new category A03:2025 expands on vulnerabilities in dependencies, CI/CD systems, and build processes while A10:2025 addresses poor error handling and insecure failure states.
Additionally, the list reflects shifts in digitized environments, prioritizing threats relevant to modern applications by consolidating previously scattered risks, such as merging Server-Side Request Forgery into Broken Access Control. This updated approach highlights the importance of addressing fundamental security practices while recognizing advancements in the field. The document serves as a vital resource for developers and organizations, emphasizing secure programming practices and the need to adapt to changing security landscapes.
👉 Pročitaj original: Cyber Security News
