全球知名的开放式 Web 应用安全项目（OWASP）于近日发布了《2025 年 Web 应用程序十大安全风险（候选版）》，在继承 2021 年版本的基础上，对风险分类进行了重大调整： 新增两大类别，优化现有结构 ，并通过更广泛的数据收集与分析方法反映行业真实态势。这份版本目前开放公众意见征集至 11 月 20 日，最终版预计年底发布。

Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps The Open Worldwide ...

OWASP has released a revised version of its Top 10 list of critical risks to web applications, adding two new categories.

If you’ve been in the security universe for the last few decades, you’ve heard of the OWASP Top Ten. It’s a list of 10 security problems that we move around every year and never really solve. Oh sure, ...

Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance mandates like PCI DSS 4.0 have woken security teams ...

Security misconfiguration jumped to second place as organizations improve defenses against traditional coding flaws.

AI is shaping app security – between attackers and defenders. The German OWASP Day highlights the opportunities and risks of ...

WILMINGTON, Del., April 17, 2025 /PRNewswire/ -- The Open Worldwide Application Security Project's (OWASP) flagship Generative AI Security Project (https://genai.owasp.org) today announced the ...

The Open Web Application Security Project (OWASP) is a nonprofit organization focused on improving the security of software. Established in 2001, OWASP provides a variety of resources, including ...

The OWASP (Open Web Application Security Project) Mobile Security Project wants your help to shape the OWASP Mobile Top 10 Risks. I’m going to run the open letter from their website below. But first, ...