Threat Trends | 5 mins read | July 24, 2025

What to expect from the OWASP Top Ten in 2025


Every four years, application security testers hold their breath. Not because of a breach or a vulnerability disclosure, but in anticipation of the OWASP Top Ten update, the most widely recognized benchmark for web application security. The next edition is due in late 2025, and although the final list hasn’t been published yet, early indications are that it will bring many changes.

For CISOs and AppSec leaders, the Top Ten isn’t just a list, it’s a map. It shapes security training, audit checklists, procurement processes, and even executive reporting. When it changes, so do vendor questionnaires, the material developers are trained against, and what auditors look for. Whether you’re defending an AI platform, building APIs for a mobile app, or scaling a SaaS product, the upcoming changes will matter, and waiting for the official release is a recipe for falling behind.

Instead, this is the moment to get ahead. Using early forecasts and real-world offensive testing insights, we can already see where the list is heading and what it says about the state of web application security in 2025.

What is the OWASP Top Ten

The Open Worldwide Application Security Project (OWASP, until 2023 the Open Web Application Security Project) is the de facto authority on web application vulnerabilities. OWASP monitors the state of web applications and maintains several reports to help the security community understand and address web application issues. The Top Ten is the project’s best-known report and describes the most important web application risk categories that security teams and developers need to be aware of.

One of the most important functions of the OWASP Top Ten is providing a common language. Whether you’re briefing the board, selecting a vendor, or working with DevOps, OWASP categories remain the universal shorthand for web application risk. That language extends to regulation: PCI DSS, ISO 27001 audits, and even SEC cyber-risk filings often reference OWASP explicitly or implicitly.

What has changed since the last Top Ten

Since the last update in 2021, the nature of application risk has changed. Cloud-native architectures have become the default, bringing with them explosive growth in APIs, ephemeral environments, and identity-based access controls. The increasing speed of software delivery, driven by DevOps, microservices, and infrastructure-as-code, has widened the gap between design intentions and production realities.

At the same time, the rise of generative AI has introduced new types of threats. Security researchers have shown how language models can be manipulated with carefully crafted inputs (prompt injection), creating novel injection paths that existing tools weren’t built to catch. More broadly, attackers are leveraging AI to automate reconnaissance, speed up exploit creation, and identify complex misconfigurations that once required manual effort.

Perhaps the most concerning trend, though, is how much application risk now lives outside the application itself. From vulnerable third-party packages and misconfigured S3 buckets to leaked secrets in CI/CD pipelines, much of what attackers exploit isn’t "code" in the traditional sense. It’s configuration, identity, and trust boundaries.

These changes are likely to be reflected in OWASP’s next update, expected later this year. Let’s take a look at how they could be reflected in the 2025 Top Ten.

What to expect from 2025’s OWASP Top Ten

Although OWASP has not yet released a draft list, security researchers and vendors have begun publishing their own forecasts based on analysis of CVE trends, exploit data, and architectural shifts. One predicted change is that the next Top Ten will continue moving away from individual coding errors and toward systemic application risks. Categories that emphasize how applications are built and operated, and not just what code is written, are likely to rise in importance. Below are some of the categories we are likely to see in the next edition.

AI protocols

With the rise of AI across organizations’ operations, new protocols have emerged to help developers build AI-powered tools. Unfortunately, many of these protocols are not yet mature. The Model Context Protocol (MCP), for example, is used to connect AI systems to internal data and tools, and one study found that 43% of the MCP implementations it tested contained command injection flaws: that is, an argument the model supplies to a tool can reach a shell unchecked. Until hardened specifications are available, organizations must subject these tools to rigorous security assessment and enforce strict controls around them. As a result, AI protocols are likely to appear in the 2025 Top Ten.
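The command injection pattern described above, as an added example that is not from the original article, from any real MCP server, or from the study it cites. The tool (a DNS lookup a model is allowed to call), its argument name, and the hostname regex are assumptions made for illustration. The point is the two parsers: a shell string gives the attacker a second parser to talk to, an argv list does not.

```python
"""Command injection in an MCP-style tool handler: shell string vs argv list.

Added, constructed example. The tool (a DNS lookup a model can call), its
argument and the regex are hypothetical; nothing here is from a real MCP
server or from the study quoted above.
"""
import re
import shlex
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
_HOSTNAME = re.compile(
    r"(?=.{1,253}\Z)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def vulnerable_shell_command(host: str) -> str:
    """VULNERABLE: the model-supplied argument is spliced into one string that
    the handler would hand to subprocess.run(..., shell=True). The shell, not
    dig, parses that string, so metacharacters in `host` become new commands."""
    return f"dig +short {host}"


def shell_would_execute(cmd: str) -> list[list[str]]:
    """Emulate how /bin/sh tokenises a command line and splits it into separate
    commands at ; | && ||. Command substitution ($(...)) is not modelled; the
    aim is only to show the extra command an injected argument produces."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in lexer:
        if tok in (";", "|", "&&", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def is_safe_hostname(host: str) -> bool:
    """Allow-list validation: only a syntactically valid hostname passes.
    fullmatch (not match) so a trailing newline cannot slip past the check."""
    return _HOSTNAME.fullmatch(host) is not None


def hardened_argv(host: str) -> list[str]:
    """HARDENED: validate against the allow-list, then build an argv list.
    With no shell there is no second parser, so `host` reaches dig as exactly
    one argument whatever it contains. The regex also rejects a leading '-',
    so the argument cannot be turned into a dig option."""
    if not is_safe_hostname(host):
        raise ValueError(f"tool argument rejected: {host!r}")
    return ["dig", "+short", host]


def run_hardened(host: str, timeout: float = 5.0) -> str:
    """Execute the hardened form (needs dig on PATH); not exercised by the tests."""
    result = subprocess.run(hardened_argv(host), capture_output=True, text=True,
                            timeout=timeout, check=False)
    return result.stdout


if __name__ == "__main__":
    attacker_arg = "example.com; id"   # what a prompt-injected model might send
    print(shell_would_execute(vulnerable_shell_command(attacker_arg)))
    # [['dig', '+short', 'example.com'], ['id']]  <- `id` is attacker-chosen
    print(hardened_argv("example.com"))
    try:
        hardened_argv(attacker_arg)
    except ValueError as exc:
        print(exc)
```

The validation is an allow-list, not a deny-list of shell metacharacters: a deny-list would still have to anticipate `$(...)`, backticks, newlines and whatever the next shell feature is, whereas a hostname grammar simply has no room for them. Keeping `shell=False` (the default) is what removes the vulnerability class; the regex is defence in depth against argument-option confusion.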

Broken access control

Broken access control, which topped the 2021 list, is expected to remain dominant. But it’s no longer just about missing role checks. In 2025 the problem is more complex: mesh identity systems, third-party integrations, and multi-cloud deployments create intricate webs of authorization logic. Attackers increasingly exploit these to escalate privileges or move laterally, especially when identity tokens are mishandled, for instance when a service reads claims from a token it never verified, or checks a caller’s role but not whether the caller owns the object being requested.
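Both token mishandling and the missing object-level check, as an added example that is not code from the original article or from any real product. The invoice store, the minimal signed-token format and the signing key are assumptions made for illustration; a real service would use a vetted JWT library and fetch the key from a secret store.

```python
"""Broken access control: object-level authorisation and unverified token claims.

Added, constructed example. The invoice store, the payload.signature token
format and the key are hypothetical and not from any real service.
"""
import base64
import hashlib
import hmac
import json
import secrets

SIGNING_KEY = b"constructed-example-key-do-not-reuse"

INVOICES = {  # constructed sample data: invoice id -> record
    "inv-1001": {"owner": "alice", "amount": 120.0},
    "inv-1002": {"owner": "bob", "amount": 75.5},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, role: str) -> str:
    """Server side: base64url(payload).base64url(HMAC-SHA256(payload))."""
    payload = _b64(json.dumps({"sub": sub, "role": role}).encode())
    sig = _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def forge_token(sub: str, role: str) -> str:
    """Attacker side: any claims they like, with a random signature."""
    payload = _b64(json.dumps({"sub": sub, "role": role}).encode())
    return f"{payload}.{_b64(secrets.token_bytes(32))}"


def claims_unverified(token: str) -> dict:
    """VULNERABLE: decodes the payload without checking the signature, so
    `sub` and `role` are whatever the client chose to write."""
    payload, _ = token.split(".", 1)
    return json.loads(_unb64(payload))


def claims_verified(token: str) -> dict:
    """Constant-time signature check before any claim is trusted."""
    payload, sig = token.split(".", 1)
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise PermissionError("invalid token signature")
    return json.loads(_unb64(payload))


def get_invoice_vulnerable(token: str, invoice_id: str) -> dict:
    """VULNERABLE twice over: a forged role is accepted, and any authenticated
    caller can read any invoice id (the classic IDOR)."""
    claims_unverified(token)
    return INVOICES[invoice_id]


def get_invoice_hardened(token: str, invoice_id: str) -> dict:
    """HARDENED: verified claims, then owner-or-admin on the specific object.
    Missing and forbidden produce the same error, so the endpoint cannot be
    used to enumerate which invoice ids exist."""
    claims = claims_verified(token)
    record = INVOICES.get(invoice_id)
    if record is None or (record["owner"] != claims["sub"]
                          and claims.get("role") != "admin"):
        raise PermissionError("not authorised")
    return record


def can_read(handler, token: str, invoice_id: str) -> bool:
    """True if `handler` returns the record, False if it refuses."""
    try:
        handler(token, invoice_id)
        return True
    except (PermissionError, KeyError, ValueError):
        return False


if __name__ == "__main__":
    bob = issue_token("bob", "user")
    print("bob reads alice's invoice (vulnerable):", can_read(get_invoice_vulnerable, bob, "inv-1001"))
    print("bob reads alice's invoice (hardened): ", can_read(get_invoice_hardened, bob, "inv-1001"))
    forged = forge_token("mallory", "admin")
    print("forged admin token (hardened):        ", can_read(get_invoice_hardened, forged, "inv-1001"))
```

The ownership check lives next to the data access, not in a middleware that only knows the URL: that is what keeps it from being forgotten when a new route is added. Note that the role claim is only consulted after the signature check; a role read from an unverified token is just an attacker-controlled string.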

Injection vulnerabilities

Injection vulnerabilities aren’t going away either, and what’s more, they’re evolving. While classic SQL injection is less common in applications built on modern frameworks that parameterize queries by default, new forms of injection are emerging. GraphQL endpoints, AI models, and loosely typed back-end services introduce entirely new vectors. We’ve also seen adversaries manipulate log parsers, CI/CD tools, and even analytics pipelines through subtle input manipulation, such as a newline in a user-controlled field that forges an entire log record. Injection in 2025 is broader, deeper, and harder to detect.
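The log-parser manipulation mentioned above, as an added example that is not from the original article or from any real logging system. The log format, the field names, the fixed timestamp and the attacker's username are constructed for illustration. It shows a single failed-login event becoming two records for a line-oriented parser, and why a structured (JSON-per-line) format closes the hole without any input filtering.

```python
"""Log injection: a CRLF in user input forges a log entry for a line-based
parser; structured logging keeps one event per record.

Added, constructed example. The format, field names, timestamp and sample
username are invented and not taken from any real system.
"""
import json

TS = "2025-07-24T10:15:00Z"   # fixed so the output is reproducible

# Constructed attacker input: a "username" carrying CRLF plus a complete,
# legitimate-looking success line for the admin account.
ATTACKER_USERNAME = "mallory\r\n" + TS + " INFO login ok user=admin src=10.0.0.1"


def log_line_vulnerable(username: str, src: str) -> str:
    """VULNERABLE: untrusted text concatenated into a newline-delimited log."""
    return f"{TS} WARN login failed user={username} src={src}\n"


def log_line_hardened(username: str, src: str) -> str:
    """HARDENED: one JSON object per line. json.dumps escapes \\r and \\n, so
    the record boundary cannot be broken and the parser sees the input intact."""
    record = {"ts": TS, "level": "WARN", "event": "login_failed",
              "user": username, "src": src}
    return json.dumps(record, ensure_ascii=True) + "\n"


def parse_plain(log_text: str) -> list[dict]:
    """A typical line-oriented parser: split on newlines, then on key=value.
    When a key repeats, the last occurrence wins (as in many real parsers)."""
    entries = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split(" ")
        fields = {"ts": parts[0], "level": parts[1], "msg": " ".join(parts[2:])}
        for part in parts[2:]:
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key] = value
        entries.append(fields)
    return entries


def parse_jsonl(log_text: str) -> list[dict]:
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def count_admin_logins(entries: list[dict]) -> int:
    """What a naive SIEM rule would count as successful admin logins."""
    return sum(
        1 for e in entries
        if e.get("user") == "admin"
        and ("login ok" in e.get("msg", "") or e.get("event") == "login_ok")
    )


if __name__ == "__main__":
    plain = parse_plain(log_line_vulnerable(ATTACKER_USERNAME, "198.51.100.7"))
    print(len(plain), "records from one event;", count_admin_logins(plain), "forged admin login")
    structured = parse_jsonl(log_line_hardened(ATTACKER_USERNAME, "198.51.100.7"))
    print(len(structured), "record;", count_admin_logins(structured), "admin logins")
    print(repr(structured[0]["user"]))   # the CRLF is still there, harmlessly, as data
```

Once the vulnerable line has been written, the forged record is indistinguishable from a real one; there is nothing for a detection rule to latch onto afterwards. The fix is therefore on the producer side (an encoding that cannot be broken by the data it carries), and the same reasoning applies to the CI/CD and analytics cases in the paragraph above: anything that reassembles untrusted text into a format with its own grammar needs an encoder, not a blacklist.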

Authentication

Authentication and session management issues are also under renewed scrutiny. With the rise of infostealer malware, attackers have shifted from stealing passwords to stealing session tokens. Even organizations with MFA in place are finding themselves compromised, because malware running on the endpoint reads cookies and tokens straight out of the browser’s own storage, bypassing browser protections and hijacking already-authenticated sessions. As a result, flaws in how sessions are issued, validated, and revoked are becoming more critical than ever.
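What "issued, validated, and revoked" looks like when the threat model is a copied cookie, as an added example that is not from the original article or from any real framework. The in-memory store, the timeouts, the fake clock and the client fingerprint are assumptions; a production deployment would use a shared store and bind the session to something stronger than a User-Agent hash (a device-bound key or mTLS identity). The walkthrough replays a stolen token from another client, lets a session go idle, runs one past its absolute lifetime, and revokes everything on a credential reset.

```python
"""Session issuance, validation and revocation that limit what a stolen
token is worth.

Added, constructed example. Store, timeouts, clock and fingerprint are
hypothetical; not from any real framework.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 15 * 60          # seconds without activity before a session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap regardless of activity


@dataclass
class Session:
    user: str
    issued_at: float
    last_seen: float
    client_fp: str               # hash of client attributes the session is bound to


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        # Keyed by a hash of the token: a dump of this store yields no usable tokens.
        self._sessions: dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, client_fp: str) -> str:
        token = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[self._key(token)] = Session(user, now, now, client_fp)
        return token

    def validate(self, token: str, client_fp: str) -> Optional[str]:
        """Return the user for a live session, else None. Any failure revokes."""
        key = self._key(token)
        session = self._sessions.get(key)
        if session is None:
            return None
        now = self._clock()
        expired = (now - session.issued_at > ABSOLUTE_TIMEOUT
                   or now - session.last_seen > IDLE_TIMEOUT)
        if expired or not secrets.compare_digest(session.client_fp, client_fp):
            del self._sessions[key]            # a replay from elsewhere kills the session
            return None
        session.last_seen = now
        return session.user

    def revoke_all_for(self, user: str) -> int:
        """Password change, MFA reset, or an infostealer alert for the host."""
        doomed = [k for k, s in self._sessions.items() if s.user == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


class FakeClock:
    """Deterministic clock so the walkthrough is reproducible."""
    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def fingerprint(user_agent: str, ip_prefix: str) -> str:
    """Weak binding (see lead-in), but enough to defeat naive cookie replay."""
    return hashlib.sha256(f"{user_agent}|{ip_prefix}".encode()).hexdigest()


def stolen_token_walkthrough() -> dict:
    clock = FakeClock()
    store = SessionStore(clock)
    victim_fp = fingerprint("Firefox/128", "203.0.113")
    attacker_fp = fingerprint("curl/8.5", "198.51.100")
    token = store.issue("alice", victim_fp)
    results = {"victim_ok": store.validate(token, victim_fp) == "alice"}
    results["attacker_replay"] = store.validate(token, attacker_fp)     # None
    results["victim_after_replay"] = store.validate(token, victim_fp)   # None: torn down
    token = store.issue("alice", victim_fp)
    clock.advance(IDLE_TIMEOUT + 1)
    results["after_idle"] = store.validate(token, victim_fp)            # None
    token = store.issue("alice", victim_fp)
    for _ in range(40):                    # keep touching it, but past the 8h cap
        clock.advance(IDLE_TIMEOUT - 60)
        store.validate(token, victim_fp)
    results["after_absolute"] = store.validate(token, victim_fp)        # None
    t1, t2 = store.issue("alice", victim_fp), store.issue("alice", victim_fp)
    results["revoked"] = store.revoke_all_for("alice")                  # 2
    results["after_reset"] = store.validate(t1, victim_fp) or store.validate(t2, victim_fp)
    return results


if __name__ == "__main__":
    print(stolen_token_walkthrough())
```

Two design points matter against infostealers specifically. First, the server keeps state: a purely self-contained token (a long-lived JWT with no server-side record) cannot be revoked before it expires, which is exactly the window the attacker uses. Second, the session dies on the first anomaly rather than merely rejecting the request, so a stolen cookie that is tried once from the wrong place also logs the legitimate user out and surfaces the theft.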

Dependency and supply chain risk

Many deployments include code that the organization neither wrote nor controls, and dependency hijacking and CI/CD pipeline compromise are becoming more common as a result. Persistent misconfigurations in cloud environments, vulnerable and outdated components (especially third-party packages and container images), and software supply chain risks more broadly are all likely to get a mention in the next Top Ten.
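A first-pass check for the dependency-hijacking conditions above, as an added example that is not from the original article or from any SCA product. The sample requirements file, the package names, the internal index URL and the all-zero placeholder hash are constructed; the check flags unpinned versions, pins without an integrity hash, VCS references not locked to a commit, and an extra package index (the precondition for dependency confusion). It is a starting point, not a replacement for a lockfile installed with `pip install --require-hashes` or a proper SCA tool.

```python
"""Audit a pip requirements file for supply-chain weaknesses.

Added, constructed example. The sample file, names, URL and placeholder
hash are invented; not from any real project or tool.
"""
import re

SAMPLE_REQUIREMENTS = """\
# constructed sample: what a CI job might install
requests==2.32.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pyyaml>=6.0
flask
--extra-index-url https://pypi.internal.example/simple
internal-lib==1.4.0
-e git+https://git.example/org/tool.git#egg=tool
"""

_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
_EXACT_PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*\s*==\s*\S+")
_COMMIT_REF = re.compile(r"@[0-9a-f]{40}\b")


def _strip_comment(line: str) -> str:
    # pip starts a comment at '#' only at line start or after whitespace, so
    # the '#egg=' fragment of a VCS URL must survive.
    return re.sub(r"(^|\s)#.*$", "", line).strip()


def audit_requirements(text: str) -> list[tuple[str, str]]:
    """Return (finding, subject) pairs for lines that weaken supply-chain control."""
    findings: list[tuple[str, str]] = []
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            # A second index lets a public package that shares a name with an
            # internal one win resolution: dependency confusion. Prefer a single
            # --index-url pointing at a proxy that serves both.
            findings.append(("extra-index", line.split(None, 1)[1]))
        elif line.startswith("-e") or "git+" in line:
            if not _COMMIT_REF.search(line):
                findings.append(("vcs-unpinned", line))   # branch/tag can move
        elif line.startswith("-"):
            continue                                      # other pip options, out of scope
        else:
            match = _NAME.match(line)
            if not match:
                continue
            name = match.group(0)
            if not _EXACT_PIN.match(line):
                findings.append(("unpinned", name))       # >=, ~= or bare name
            elif "--hash=" not in line:
                findings.append(("no-hash", name))        # pinned, but no integrity check
    return findings


if __name__ == "__main__":
    for kind, subject in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{kind:13} {subject}")
```

Run against the constructed sample this reports five findings and leaves `requests` alone, because it is the only entry that is both pinned and hashed. In a pipeline the useful next step is to fail the build on `extra-index` and `unpinned`, and to warn on the rest until hashes are added.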

Preparing for the 2025 Top Ten

Although the OWASP Top Ten is refreshed only every four years, the threat landscape changes constantly. Security teams and developers need to align web application exposure validation with these emerging trends rather than waiting for the list to catch up.

At Hadrian, we surface new vulnerabilities as they emerge, whether that’s an exposed endpoint from a recent deploy, or a third-party plugin that just introduced a CVE. Our platform maps each finding back to OWASP categories, so teams can prioritize fixes based on real risk, not just raw scan volume.
