全球知名的开放式 Web 应用安全项目（OWASP）于近日发布了《2025 年 Web 应用程序十大安全风险（候选版）》，在继承 2021 年版本的基础上，对风险分类进行了重大调整： 新增两大类别，优化现有结构 ，并通过更广泛的数据收集与分析方法反映行业真实态势。这份版本目前开放公众意见征集至 11 月 20 日，最终版预计年底发布。

OWASP has released a revised version of its Top 10 list of critical risks to web applications, adding two new categories.

Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance mandates like PCI DSS 4.0 have woken security teams ...

Security misconfiguration jumped to second place as organizations improve defenses against traditional coding flaws.

The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains ...

AI is shaping app security – between attackers and defenders. The German OWASP Day highlights the opportunities and risks of ...

WILMINGTON, Del., April 17, 2025 /PRNewswire/ -- The Open Worldwide Application Security Project's (OWASP) flagship Generative AI Security Project (https://genai.owasp.org) today announced the ...

The OWASP (Open Web Application Security Project) Mobile Security Project wants your help to shape the OWASP Mobile Top 10 Risks. I’m going to run the open letter from their website below. But first, ...

Top-level discussions on security and ethical risks AI-powered tools pose are no longer enough to mitigate the dangers posed by the rapid adoption of artificial intelligence (AI), according to the ...

The Open Web Application Security Project (OWASP) is a nonprofit organization focused on improving the security of software. Established in 2001, OWASP provides a variety of resources, including ...