OWASP Non-Human Identity Top 10 - 2025: A Critical Security List

2025-02-04

The OWASP Non-Human Identity (NHI) Top 10 - 2025 outlines the ten most critical risks associated with using non-human identities (like bots and automated tools) in application development. Compiled using real-world breach data, surveys, and the OWASP Risk Rating Methodology, this list helps developers understand and mitigate significant security threats posed by NHIs, which are increasingly vital to modern development pipelines. Contributions to improve the project are welcome.

Development Non-Human Identity

OWASP Unveils Top 10 Non-Human Identity (NHI) Security Risks for 2025

2025-02-04

OWASP has released its 2025 Top 10 security risks for Non-Human Identities (NHIs), highlighting vulnerabilities related to service accounts, API keys, and other non-human actors. These risks include secret leakage, excessive privileges, insecure authentication, and insufficient environment isolation, all of which pose significant threats to the security of software development and deployment. The report emphasizes mitigation strategies and calls for collaboration between developers and security professionals to strengthen security practices.

Development Non-Human Identities