OWASP dropped its 2025 Top 10 on November 6th with a brand-new category nobody saw coming: “Mishandling of Exceptional Conditions” (A10). I spent a weekend building a scanner to detect these issues and immediately found authentication bypasses in three different production codebases. The most common pattern? `return True` in exception handlers, effectively granting access whenever the auth service hiccups. This article walks through building the scanner, what I found, and why this matters way more than you think.
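To make the fail-open pattern concrete, here is a minimal AST-based check of the kind a scanner for this issue could run (an added example, not the author's scanner); it parses Python source, finds every `except` handler that contains a `return True`, and reports the enclosing function. The sample source it scans is constructed for illustration, not taken from any real codebase.

```python
import ast

# Constructed sample (not from any real codebase): two fail-open handlers
# and one fail-closed handler, so the scanner has both cases to distinguish.
SAMPLE_SOURCE = '''
def check_token(token, auth_client):
    try:
        return auth_client.verify(token)
    except Exception:
        return True  # fail open: any outage in the auth service grants access

def check_token_safe(token, auth_client):
    try:
        return auth_client.verify(token)
    except Exception:
        return False  # fail closed: an outage denies access

def is_admin(user):
    try:
        return user.role == "admin"
    except AttributeError:
        return True  # fail open: a malformed user object becomes an admin
'''


def _returns_true(node):
    """True if `node` is literally `return True`."""
    return (isinstance(node, ast.Return)
            and isinstance(node.value, ast.Constant)
            and node.value.value is True)


def find_fail_open_handlers(source):
    """Return (function_name, line_number) for each `return True` that sits
    inside an `except` handler, in source order. Nested functions are
    attributed to the innermost enclosing function."""
    tree = ast.parse(source)
    findings = {}
    for func in ast.walk(tree):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for handler in ast.walk(func):
            if not isinstance(handler, ast.ExceptHandler):
                continue
            for stmt in handler.body:
                for inner in ast.walk(stmt):
                    if _returns_true(inner):
                        # Innermost function wins because ast.walk visits outer first.
                        findings[inner.lineno] = func.name
    return sorted((name, line) for line, name in findings.items())


if __name__ == "__main__":
    for name, line in find_fail_open_handlers(SAMPLE_SOURCE):
        print(f"fail-open handler in {name}() at line {line}")
```

The fix in every flagged case is to fail closed (return False or re-raise) so an auth-service outage denies access instead of granting it.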
Friday Night: OWASP Releases Something Interesting
I was scrolling through Twitter when I saw the OWASP announcement. They’d just released the 2025 Top 10 list at the Global AppSec Conference. Most people were talking about Supply Chain Security moving up to #3, but something else caught my eye.