全球知名的开放式 Web 应用安全项目（OWASP）于近日发布了《2025 年 Web 应用程序十大安全风险（候选版）》，在继承 2021 年版本的基础上，对风险分类进行了重大调整： 新增两大类别，优化现有结构 ，并通过更广泛的数据收集与分析方法反映行业真实态势。这份版本目前开放公众意见征集至 11 月 20 日，最终版预计年底发布。

OWASP has released a revised version of its Top 10 list of critical risks to web applications, adding two new categories.

Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps The Open Worldwide ...

Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of software security errors to the Open Web Application Security Project (OWASP) ...

The Open Web Application Security Project (OWASP) today issued the final version of its new Top 10 list of application security risks. The list, which was first unveiled in November at the OWASP ...

The Open Web Application Security Project (OWASP) has published a new version of its infamous Top 10 vulnerability ranking, four years after its last update, in 2013. The OWASP Top 10 is not an ...

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them. As a long ...

The OWASP Top 10 for LLM and Generative AI has recognized industry need and expanded scope and become an OWASP Flagship Project WILMINGTON, Del., March 27, 2025 /PRNewswire/ -- The Open Worldwide ...

The Open Web Application Security Project (OWASP) today released a new top 10 list at its conference in Washington, D.C., that focuses on Web application security risks rather than the way its ...

Despite the increased focus on application security in the last few years, cyber-threats are increasing in volume, sophistication and impact. To help companies defend against them, OWASP, a non-profit ...