
All news with #owasp top 10 tag

3 articles

Local-first dependency scanning to reduce developer risk

🔍 CVE Lite CLI is an OWASP-backed, open-source scanner for JavaScript and TypeScript lockfiles that emphasizes local, early feedback on dependency vulnerabilities. The tool inspects npm, pnpm, and Yarn lockfiles using OSV data, distinguishes direct from transitive issues, and recommends practical upgrade paths. It is designed as a lightweight developer tool that complements, rather than replaces, enterprise SCA platforms, and it intentionally keeps the core vulnerability analysis deterministic while offering AI only as an explanatory layer.

OWASP Smart Contract Top 10 2026: Governance Risk Focus

🔒 CredShields led the release of the OWASP Smart Contract Top 10 2026, an impact-weighted risk framework built from structured analysis of 2025 smart contract incidents that produced hundreds of millions in losses. The ranking highlights that governance and privilege failures—not just code bugs—drive the most severe on-chain compromises, naming access control, business logic, oracle manipulation, flash loan–facilitated attacks, and proxy/upgradeability vulnerabilities among the top risks. CredShields’ exploit intelligence platforms, SolidityScan and Web3HackHub, supported the aggregation and methodology informing the list.

OWASP Top 10 (2025): Supply Chain and Access Risks

🔒 The OWASP Top 10 update keeps broken access control at number one while adding new categories such as software supply chain failures and mishandling of exceptional conditions. The report also flags AI-generated code risks in a “next steps” entry titled X03:2025 Inappropriate Trust in AI Generated Code. The list draws on security data covering nearly 3 million applications and a survey of 221 experts.