Lab 63: Secure Architecture

OWASP Top 10 (2025) — Explorer

All ten of the 2025 OWASP risks in one place. Click any category to see what it is, a concrete healthcare-platform example, and the mitigation — with badges for what's new, moved or renamed since 2021, and links to the hands-on lab for each.

Pick a category, then play its attack in the panel below — toggle Secure mode to flip between the broken and the fixed design and watch what changes.
A01:2025 Broken Access Control (#1 again)

Users act outside their permissions — reading or changing what isn't theirs. SSRF is now folded in here.

Fix: Server-side ownership checks, deny-by-default, enforce RBAC, never trust client-supplied ids.
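The order-lookup scenario the panel plays, written out as an added example (this is not the lab's own code). Both handlers take the order id from the client, because a lookup key has to come from somewhere; the difference is where the user identity comes from. The insecure version compares the order's owner against a user id the client supplies, so any caller can claim any id. The fixed version takes identity from a server-side session, allows only two explicit cases (the owner, or a support role), and denies everything else, returning the same error for "missing" and "not yours" so the endpoint does not confirm which order ids exist. The order table, the Session class, the role names and the Forbidden exception are all constructed for this example.

```python
# Added example, not code from the lab page: A01 Broken Access Control on an
# order endpoint, first as the broken design (client-supplied user id) and then
# with the fix the page lists: server-side ownership check, deny by default,
# RBAC enforced, identity taken from the session rather than the request.
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: three orders belonging to two users.
ORDERS = {
    501: {"owner": 1001, "total": 42.00},
    502: {"owner": 1001, "total": 17.50},
    503: {"owner": 2002, "total": 99.99},
}


@dataclass(frozen=True)
class Session:
    """Server-side session (assumed shape): identity and role are set at login,
    never read from the request body or query string."""
    user_id: int
    role: str = "customer"


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


def get_order_insecure(order_id: int, claimed_user_id: int) -> Optional[dict]:
    """Broken design: the user id arrives with the request, so the ownership
    check compares against an attacker-chosen value and proves nothing."""
    order = ORDERS.get(order_id)
    if order is None:
        return None
    if order["owner"] == claimed_user_id:
        return order
    return None


def get_order_secure(session: Session, order_id: int) -> dict:
    """Fixed design: identity comes from the session, the allow rules are
    explicit, and every other path raises Forbidden (deny by default)."""
    order = ORDERS.get(order_id)
    if order is None:
        # Same response as "not yours": do not reveal which ids exist.
        raise Forbidden()
    if session.role == "support":
        # RBAC: support staff may read any order.
        return order
    if order["owner"] == session.user_id:
        return order
    raise Forbidden()


def can_read_order(session: Session, order_id: int) -> bool:
    """Boolean view of the secure handler, convenient for checks and tests."""
    try:
        get_order_secure(session, order_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    # Broken: a caller logged in as 1001 opens 2002's order by claiming to be 2002.
    print("insecure, claimed 2002 ->", get_order_insecure(503, 2002))
    # Fixed: the same attempt with a real session for 1001 is denied.
    print("secure as 1001 ->", can_read_order(Session(1001), 503))
    print("secure as support ->", can_read_order(Session(1001, "support"), 503))
```

The insecure handler is what a client-supplied `user_id` parameter produces whether it arrives in a query string, a JSON body or a hidden form field; the fix is not to validate that parameter better but to stop accepting it at all and read identity from the session.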