TY - GEN
T1 - Evolution of Application Security based on OWASP Top 10 and CWE/SANS Top 25 with Predictions for the 2025 OWASP Top 10
AU - Li, Jinfeng
AU - Li, Haorong
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025/4/23
Y1 - 2025/4/23
N2 - The Open Web Application Security Project (OWASP) is widely recognized for its role in identifying and publishing the most critical vulnerabilities in the web application security domain through its OWASP Top 10 list. This study provides the first comprehensive evolutionary analysis of the OWASP Top 10, tracing its development from its inception to the most recent edition. By systematically analyzing historical trends, this research highlights key shifts in vulnerability patterns and emerging security challenges, offering a thorough perspective that expands upon existing literature on web application security. In particular, the study also presents a forward-looking projection for the upcoming 2025 OWASP Top 10, which is anticipated to be released later this year. This prediction is grounded in four primary factors influencing the evolving cybersecurity landscape: the increasing risks associated with artificial intelligence (AI) and machine learning (ML), the growing complexities of API and cloud security, the rising frequency of software supply chain attacks (SSCA), and the expanding impact of regulatory and compliance frameworks. The findings contribute significantly to the understanding of the dynamic threat environment, providing actionable insights for researchers, practitioners, and policymakers to enhance security strategies and mitigate future risks effectively.
AB - The Open Web Application Security Project (OWASP) is widely recognized for its role in identifying and publishing the most critical vulnerabilities in the web application security domain through its OWASP Top 10 list. This study provides the first comprehensive evolutionary analysis of the OWASP Top 10, tracing its development from its inception to the most recent edition. By systematically analyzing historical trends, this research highlights key shifts in vulnerability patterns and emerging security challenges, offering a thorough perspective that expands upon existing literature on web application security. In particular, the study also presents a forward-looking projection for the upcoming 2025 OWASP Top 10, which is anticipated to be released later this year. This prediction is grounded in four primary factors influencing the evolving cybersecurity landscape: the increasing risks associated with artificial intelligence (AI) and machine learning (ML), the growing complexities of API and cloud security, the rising frequency of software supply chain attacks (SSCA), and the expanding impact of regulatory and compliance frameworks. The findings contribute significantly to the understanding of the dynamic threat environment, providing actionable insights for researchers, practitioners, and policymakers to enhance security strategies and mitigate future risks effectively.
KW - AI-based Security Risks
KW - Application Security
KW - Broken Access Control
KW - Cloud-native Security
KW - CWE/SANS
KW - Cybersecurity Threats
KW - Injection Attacks
KW - OWASP
KW - OWASP Top 10
KW - Software Supply Chain Security
UR - https://www.scopus.com/pages/publications/105007416900
U2 - 10.1109/ICICT64420.2025.11004742
DO - 10.1109/ICICT64420.2025.11004742
M3 - Conference contribution
AN - SCOPUS:105007416900
T3 - Proceedings of 8th International Conference on Inventive Computation Technologies, ICICT 2025
SP - 1178
EP - 1183
BT - Proceedings of 8th International Conference on Inventive Computation Technologies, ICICT 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th International Conference on Inventive Computation Technologies, ICICT 2025
Y2 - 23 April 2025 through 25 April 2025
ER -