The OWASP Top 10 was refreshed in 2025: two brand-new categories, a big promotion for misconfiguration, and SSRF folded into access control. A practical walk through all ten with vulnerable-versus-fixed code and the defenses that actually move the needle.
Owasp
-
The OWASP Top 10 (2025 Edition): What Changed and How to Fix Each Risk -
The OWASP LLM Top 10 and Prompt Injection The threat model for applications built on language models: direct and indirect prompt injection, jailbreaks, system-prompt and training-data leakage, insecure output handling, and excessive agency in tool-using agents. Real exploit patterns from 2025 — zero-click exfiltration, confused-deputy tool calls, denial-of-wallet — and the uncomfortable reason classic input validation does not save you.
-
OWASP API Security Top 10: A Practical Guide to Securing Your APIs A deep-dive into the OWASP API Security Top 10—covering broken object-level authorization, excessive data exposure, mass assignment, and every other critical API vulnerability with real attack examples and defensive code patterns.