OWASP 2025 Top 10 Resources

Resources.md

OWASP Top 10 2025 Resources - CodeMash 2026 Edition

Thanks for attending!

Connect with Ardalis

• GitHub.com/ardalis
• Ardalis.com blog
• YouTube/ardalis
• LinkedIn
• BlueSky

OWASP Top 10 2025 Presentation Links and Resources

• Slides
• https://github.com/ardalis/OWASP-Top-10-2025 (some stuff here)
• https://owasp.org/Top10/2025/
• https://cwe.mitre.org/data/definitions/1435.html (top 25 weaknesses in 2025)
• https://github.com/OWASP/Top10/tree/master/2025/docs/assets (icons)
• https://owasp.org/www-project-vulnerable-web-applications-directory/
• https://owasp.org/www-project-juice-shop/
• https://owasp.org/www-project-top-10-for-large-language-model-applications/
• https://salt.security/blog/what-is-the-owasp-api-security-top-10
• https://medium.com/@shareef.dweikat/myth-debunked-browser-updates-have-not-ended-tabnabbing-attacks-ed7f25b70b94
• https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html
• https://www.reversinglabs.com/blog/nuget-malware-crypto-oauth-tokens
• https://en.wikipedia.org/wiki/LastPass_2022_data_breach
• https://en.wikipedia.org/wiki/2021_Epik_data_breach
• https://www.esecurityplanet.com/threats/malicious-nuget-packages-hide-time-delayed-sabotage-code/
• https://www.fortinet.com/resources/cyberglossary/solarwinds-cyber-attack
• https://genai.owasp.org/llm-top-10/
• https://owaspai.org/
• https://owasp.org/www-project-machine-learning-security-top-10/
• https://learn.microsoft.com/en-us/training/modules/owasp-top-10-for-dotnet-developers/

Other predictions for 2025 Top 10 List

• https://tcm-sec.com/owasp-top-10-prediction-2025/
• https://hadrian.io/blog/what-to-expect-from-the-owasp-top-ten-in-2025
• https://authzed.com/blog/predicting-the-latest-owasp-top-10-with-cve-data
• https://zoonou.com/blog/our-predictions-for-the-2025-owasp-top-10/