OWASP Top 10 Interactive

The current OWASP Top 10:2025 web application risks. Expand any risk to see what it is and how to defend against it.

About

The ten most critical web application security risks per the 2025 OWASP list. Tap a risk to expand what it is and how to prevent it. Summaries are in our own words, linked to the OWASP source.

New in 2025: Software Supply Chain Failures enters at A03 and Mishandling of Exceptional Conditions enters at A10. SSRF was merged into Broken Access Control, and Security Misconfiguration rose to A02. This is the first update since 2021.

Summaries written in our own words. Source: OWASP Top 10:2025, finalised January 2026.

UniCybers Labs · Offensive Security Back to Offensive Security tools

Unlock the Labs toolkit

Free for learners. Tell us who you are once and every tool opens after that. It helps us keep the tools working and build what you actually need.

Full name

Phone (optional)

College or organisation

You are a

I confirm I am 18 years of age or older. I agree to the Privacy Policy and Terms.

One time only. We never sell your data.