June 23, 2026
OWASP TOP 10 — OK! LET'S DIG IT IN
By DS
If you're new to this, the previous part is here :) https://medium.com/@IAMLEARNINGNEW/what-is-this-owasp-explained-like-im-5-years-old-8bff7a7aad54
Ok! In the previous post, we understood what OWASP is and what the OWASP Top 10 means.
Now, let's go a little further. Don't worry, we're not diving super deep (yet 😏).
In this post, we'll take a quick look at all the vulnerabilities that make up the OWASP Top 10.
"OWASP Top Ten (2025) "
Looks like the latest one is OWASP 2025: https://owasp.org/Top10/2025/
1. Broken Access Control
2. Security Misconfiguration
3. Software Supply Chain Failures
4. Cryptographic Failures
5. Injection
6. Insecure Design
7. Authentication Failures
8. Software or Data Integrity Failures
9. Security Logging and Alerting Failures
10. Mishandling of Exceptional Conditions
Interesting!!!! So much has changed since I last checked the OWASP Top 10. 😄
Some of the names look a little confusing at first glance, but I'm guessing many of these are familiar vulnerabilities with a fresh coat of paint… but yeah, you never know!
What exactly has changed from last year?
You can refer to this link: https://owasp.org/Top10/2025/0x00_2025-Introduction/
The jump of Security Misconfiguration from 5 to 2… wow, that's crazy! 😄
Vulnerable and Outdated Components moving into the top 3 is also interesting. These days you really do see open-source attacks in the wild more often, so it kind of makes sense.
And SSRF being grouped under Broken Access Control now? That actually feels logical when you think about how it's abused in real-world scenarios.
Well, now we know what falls under the OWASP Top 10!
In the next post, we'll go through everything step by step.
Until then… let's give our brains a little break 😄
Till then