OWASP Top 10: Broken access control still tops app security list

Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps

The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent....