
The Biggest Shifts in OWASP Top 10 2025
Application Security, OWASP, Vulnerability Management, Software Development
The author highlights the changes in the 2025 edition of the OWASP Top 10, notably the shift from symptoms to root causes, infrastructure-as-code as a new security battlefield, supply chain integrated into applications, resilience prioritized over perfection, and identity becoming the true security perimeter. The author observes that the OWASP Top 10 is primarily used to categorize pentest results, whereas it should also be used as a reference in the development process.