OWASP Top 10 Turns 20: Still Valid, Still Controversial

The OWASP Top 10 has been the web application security yardstick for over two decades now, from its first edition in 2003 to the latest 2025 update, with its changes of format and scope often stirring industry controversy.

In this episode of AppSec Serialized, Dan Murphy and Ryan Bergquist discuss the past, present, and future of the OWASP Top 10, and do a reality check on its practical usefulness today.