OWASP Top 10:2025 Release Candidate

Welcome to the OWASP Top 10:2025 Release Candidate documentation.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

About This Release

This is the 2025 Release Candidate of the OWASP Top 10. This version includes updates based on the latest data and security trends.

Getting Started

Start with the Introduction to learn about what's new in the 2025 version.

Navigation

• Introduction
• About OWASP
• What are Application Security Risks?
• Establishing a Modern Application Security Program

Top 10:2025 List

1. A01:2025 - Broken Access Control
2. A02:2025 - Security Misconfiguration
3. A03:2025 - Software Supply Chain Failures
4. A04:2025 - Cryptographic Failures
5. A05:2025 - Injection
6. A06:2025 - Insecure Design
7. A07:2025 - Authentication Failures
8. A08:2025 - Software or Data Integrity Failures
9. A09:2025 - Security Logging and Alerting Failures
10. A10:2025 - Mishandling of Exceptional Conditions

---

Note: This is a Release Candidate. Translations will be added post-release as they become available.