Broken Access Control Ranked as Top Application Security Vulnerability

OWASP Releases Updated Top 10 Application Risks for 2025

The Open Worldwide Application Security Project (OWASP) has unveiled its first update to the Top 10 application risks since 2021 at the Global AppSec USA event. This new list emphasizes current vulnerabilities in application security, with broken access control remaining the primary concern, followed closely by security misconfiguration and ongoing issues surrounding the software supply chain.

Key Details

  • Who: OWASP, a leading organization in application security.
  • What: The top 10 categories of application risks for 2025.
  • When: Published recently during Global AppSec USA 2023.
  • Where: Global scope, relevant to developers and organizations worldwide.
  • Why: To provide a data-driven resource for organizations to prioritize their security efforts based on real-world vulnerabilities.
  • How: This ranking is informed by survey data from various organizations, highlighting where resources are most needed to improve security.

Why It Matters

This updated list is critical for both IT managers and system administrators as it directly influences:

  • Enterprise security and compliance: Understanding and addressing these vulnerabilities is essential for regulatory compliance.
  • Hybrid/multi-cloud adoption: As businesses increasingly rely on cloud infrastructures, addressing security misconfigurations is vital.
  • Application development practices: This list can guide development teams in integrating security into their workflows, reducing the incidence of vulnerabilities.

Key Findings:

  • Broken Access Control: Affects 3.73% of applications. Risks include unauthorized access via URL tampering and the violation of the principle of least privilege.
  • Security Misconfiguration: Ranks second, underscoring the need for improved configurations in cloud environments.
  • Supply Chain Failures: Although less frequent, they have the highest potential for damaging exploits.

Takeaway

IT professionals should reassess their application security strategies in light of these findings, particularly around access controls and configuration management. It’s crucial to implement robust security measures proactively rather than reactively, ensuring that security becomes an integral part of the application’s lifecycle.

Meena Kande
