A breakdown of the shifting threat landscape in modern application security.

| Rank | 2021 Standard | 2025 Outlook | Industry Shift |
|---|---|---|---|
| A01 | Broken Access Control | Broken Access Control | Identity-first security focus. |
| A02 | Cryptographic Failures | Security Misconfiguration | Infrastructure-as-Code (IaC) risks rose. |
| A03 | Injection | Software Supply Chain Failures | SBOM and pipeline integrity are critical. |
| A04 | Insecure Design | Cryptographic Failures | Post-Quantum cryptography readiness. |
| A05 | Security Misconfiguration | Injection | LLM Prompt Injection is the new frontier. |
| A06 | Vulnerable Components | Insecure Design | Architecture-level threat modeling. |
| A07 | Identification & Auth | Authentication Failures | Shift from passwords to Passkeys/FIDO2. |
| A08 | Software/Data Integrity | Software or Data Integrity | Protecting against rogue CI/CD plugins. |
| A09 | Logging & Monitoring | Logging & Alerting Failures | Active response over passive logs. |
| A10 | SSRF | Mishandling Exceptions | Logic errors in microservices. |