OWASP · ritorhymes · Dec 27, 2025
diff --git a/2025/docs/assets/OG-images/A01-OG.png b/2025/docs/assets/OG-images/A01-OG.png
diff --git a/2025/docs/assets/OG-images/A02-OG.png b/2025/docs/assets/OG-images/A02-OG.png
diff --git a/2025/docs/assets/OG-images/A03-OG.png b/2025/docs/assets/OG-images/A03-OG.png
diff --git a/2025/docs/assets/OG-images/A04-OG.png b/2025/docs/assets/OG-images/A04-OG.png
diff --git a/2025/docs/assets/OG-images/A05-OG.png b/2025/docs/assets/OG-images/A05-OG.png
diff --git a/2025/docs/assets/OG-images/A06-OG.png b/2025/docs/assets/OG-images/A06-OG.png
diff --git a/2025/docs/assets/OG-images/A07-OG.png b/2025/docs/assets/OG-images/A07-OG.png
diff --git a/2025/docs/assets/OG-images/A08-OG.png b/2025/docs/assets/OG-images/A08-OG.png
diff --git a/2025/docs/assets/OG-images/A09-OG.png b/2025/docs/assets/OG-images/A09-OG.png
diff --git a/2025/docs/assets/OG-images/A10-OG.png b/2025/docs/assets/OG-images/A10-OG.png
diff --git a/2025/docs/assets/OG-images/Global-OG-Alt.png b/2025/docs/assets/OG-images/Global-OG-Alt.png
diff --git a/2025/docs/assets/OG-images/Global-OG.png b/2025/docs/assets/OG-images/Global-OG.png
diff --git a/2025/docs/en/0x00_2025-Introduction.md b/2025/docs/en/0x00_2025-Introduction.md
@@ -1,3 +1,8 @@
+---
+title: "Introduction to the OWASP Top 10:2025"
+description: "Introduction to the OWASP Top 10:2025 - Learn what's changed, the methodology behind the rankings, and how to use this document to improve your security posture."
+---
+
 ![OWASP Logo](../assets/TOP_10_logo_Final_Logo_Colour.png)
 
 # The Ten Most Critical Web Application Security Risks

diff --git a/2025/docs/en/0x01_2025-About_OWASP.md b/2025/docs/en/0x01_2025-About_OWASP.md
@@ -1,3 +1,8 @@
+---
+title: "About OWASP - The Open Worldwide Application Security Project"
+description: "Learn about the OWASP Foundation, an open community dedicated to enabling organizations to develop, purchase, and maintain secure applications and APIs."
+---
+
 # About OWASP
 
 The Open Worldwide Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md
@@ -1,3 +1,8 @@
+---
+title: "What are Application Security Risks? - OWASP Top 10:2025"
+description: "Understanding application security risks is the first step to building secure software. Learn the fundamentals of risk assessment and vulnerabilities."
+---
+
 # What are Application Security Risks?
 Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these ways poses a potential risk that needs to be investigated.
 

diff --git a/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md b/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md
@@ -1,3 +1,8 @@
+---
+title: "Establishing a Modern Application Security Program - OWASP Top 10:2025"
+description: "Build a comprehensive application security program. Learn best practices, tools, and processes for integrating security throughout the system's lifecycle"
+---
+
 # Establishing a Modern Application Security Program
 
 The OWASP Top Ten lists are awareness documents, meant to bring awareness to the most critical risks of whichever topic they cover. They are not meant to be a complete list, only a starting place. In previous versions of this list we have prescribed starting an application security program as the best way to avoid these risks, and more. In this section we will cover how to start and build a modern application security program.

diff --git a/2025/docs/en/A01_2025-Broken_Access_Control.md b/2025/docs/en/A01_2025-Broken_Access_Control.md
@@ -1,3 +1,10 @@
+---
+title: "A01:2025 Broken Access Control - OWASP Top 10"
+description: "When access checks are missing or bypassable, users act outside their permissions. When this happens, attackers can read, change, or delete data"
+og_type: "article"
+og_image: "assets/OG-images/A01-OG.png"
+---
+
 #  A01:2025 Broken Access Control ![icon](../assets/TOP_10_Icons_Final_Broken_Access_Control.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A02_2025-Security_Misconfiguration.md b/2025/docs/en/A02_2025-Security_Misconfiguration.md
@@ -1,3 +1,10 @@
+---
+title: "A02:2025 Security Misconfiguration - OWASP Top 10"
+description: "When systems are configured insecurely or with defaults, attackers exploit open services, weak permissions, or verbose errors to gain access or leak data"
+og_type: "article"
+og_image: "assets/OG-images/A02-OG.png"
+---
+
 # A02:2025 Security Misconfiguration ![icon](../assets/TOP_10_Icons_Final_Security_Misconfiguration.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md b/2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md
@@ -1,3 +1,10 @@
+---
+title: "A03:2025 Software Supply Chain Failures - OWASP Top 10"
+description: "When dependencies or build pipelines are compromised, attackers can ship malicious updates. When this happens, trusted software becomes an entry point"
+og_type: "article"
+og_image: "assets/OG-images/A03-OG.png"
+---
+
 # A03:2025 Software Supply Chain Failures ![icon](../assets/TOP_10_Icons_Final_Vulnerable_Outdated_Components.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A04_2025-Cryptographic_Failures.md b/2025/docs/en/A04_2025-Cryptographic_Failures.md
@@ -1,3 +1,10 @@
+---
+title: "A04:2025 Cryptographic Failures - OWASP Top 10"
+description: "When encryption, keys, or protocols are weak or misused, attackers can expose sensitive data in transit or at rest and bypass protections"
+og_type: "article"
+og_image: "assets/OG-images/A04-OG.png"
+---
+
 # A04:2025 Cryptographic Failures ![icon](../assets/TOP_10_Icons_Final_Crypto_Failures.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A05_2025-Injection.md b/2025/docs/en/A05_2025-Injection.md
@@ -1,3 +1,10 @@
+---
+title: "A05:2025 Injection - OWASP Top 10"
+description: "When untrusted input is executed by an interpreter, attackers can run commands or queries. When this occurs, they can read, change, or destroy data."
+og_type: "article"
+og_image: "assets/OG-images/A05-OG.png"
+---
+
 # A05:2025 Injection ![icon](../assets/TOP_10_Icons_Final_Injection.png){: style="height:80px;width:80px" align="right"}
 
 ## Background. 

diff --git a/2025/docs/en/A06_2025-Insecure_Design.md b/2025/docs/en/A06_2025-Insecure_Design.md
@@ -1,3 +1,10 @@
+---
+title: "A06:2025 Insecure Design - OWASP Top 10"
+description: "When security requirements and threat models are missing, applications ship with flawed workflows and missing controls that attackers can exploit."
+og_type: "article"
+og_image: "assets/OG-images/A06-OG.png"
+---
+
 # A06:2025 Insecure Design ![icon](../assets/TOP_10_Icons_Final_Insecure_Design.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A07_2025-Authentication_Failures.md b/2025/docs/en/A07_2025-Authentication_Failures.md
@@ -1,3 +1,10 @@
+---
+title: "A07:2025 Authentication Failures - OWASP Top 10"
+description: "When systems accept wrong users as legitimate, enabling account takeover via credential stuffing or brute force"
+og_type: "article"
+og_image: "assets/OG-images/A07-OG.png"
+---
+
 # A07:2025 Authentication Failures ![icon](../assets/TOP_10_Icons_Final_Identification_and_Authentication_Failures.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A08_2025-Software_or_Data_Integrity_Failures.md b/2025/docs/en/A08_2025-Software_or_Data_Integrity_Failures.md
@@ -1,3 +1,10 @@
+---
+title: "A08:2025 Software or Data Integrity Failures - OWASP Top 10"
+description: "When integrity is not verified, untrusted code or data can be accepted as trusted, enabling supply chain attacks, tampering, or insecure deserialization"
+og_type: "article"
+og_image: "assets/OG-images/A08-OG.png"
+---
+
 # A08:2025 Software or Data Integrity Failures ![icon](../assets/TOP_10_Icons_Final_Software_and_Data_Integrity_Failures.png){: style="height:80px;width:80px" align="right"}
 
 ## Background. 

diff --git a/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md b/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md
@@ -1,3 +1,9 @@
+---
+title: "A09:2025 Security Logging and Alerting Failures - OWASP Top 10"
+description: "When events are not logged or monitored and alerts fail, attacks go unseen and incident response suffers"
+og_image: "assets/OG-images/A09-OG.png"
+---
+
 # A09:2025 Security Logging & Alerting Failures ![icon](../assets/TOP_10_Icons_Final_Security_Logging_and_Monitoring_Failures.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/A10_2025-Mishandling_of_Exceptional_Conditions.md b/2025/docs/en/A10_2025-Mishandling_of_Exceptional_Conditions.md
@@ -1,3 +1,10 @@
+---
+title: "A10:2025 Mishandling of Exceptional Conditions - OWASP Top 10"
+description: "When software fails to prevent, detect, or respond to abnormal states, causing crashes, data leaks, or fail-open flaws"
+og_type: "article"
+og_image: "assets/OG-images/A10-OG.png"
+---
+
 # A10:2025 Mishandling of Exceptional Conditions ![icon](../assets/TOP_10_Icons_Final_Mishandling_of_Exceptional_Conditions.png){: style="height:80px;width:80px" align="right"}
 
 

diff --git a/2025/docs/en/X01_2025-Next_Steps.md b/2025/docs/en/X01_2025-Next_Steps.md
@@ -1,6 +1,11 @@
+---
+title: "Next Steps - OWASP Top 10:2025"
+description: "Next steps after learning the OWASP Top 10:2025. Discover resources, training, and guidance for implementing application security in your organization."
+---
+
 # Next Steps
 
-By design, the OWASP Top 10 is innately limited to the ten most significant risks. Every OWASP Top 10 has “on the cusp” risks considered at length for inclusion, but in the end, didn't make the cut. The other risks were more prevalent and impactful.
+By design, the OWASP Top 10 is innately limited to the ten most significant risks. Every OWASP Top 10 has "on the cusp" risks considered at length for inclusion, but in the end, didn't make the cut. The other risks were more prevalent and impactful.
 
 The following two issues are well worth the effort to identify and remediate, organizations working towards a mature appsec program, security consultancies, or tool vendors wishing to expand coverage for their offerings.
 

diff --git a/2025/docs/en/index.md b/2025/docs/en/index.md
@@ -1,3 +1,8 @@
+---
+title: "OWASP Top 10:2025 - The Most Critical Web Application Security Risks"
+description: "The OWASP Top 10 is a standard awareness document for developers and web application security, representing a broad consensus about the most critical security risks."
+---
+
 # OWASP Top 10:2025
 
 Welcome to the OWASP Top 10:2025 Release.

diff --git a/2025/mkdocs.yml b/2025/mkdocs.yml
@@ -9,6 +9,7 @@ theme:
   name: material
   language: en
   logo: assets/OWASP_Logo_Transp.png
+  custom_dir: overrides
   features:
     - navigation.sections
     - navigation.instant
@@ -35,6 +36,7 @@ nav:
 
 markdown_extensions:
   - attr_list
+  - meta
 
 plugins:
   - search

diff --git a/2025/overrides/main.html b/2025/overrides/main.html
@@ -0,0 +1,51 @@
+{% extends "base.html" %}
+
+{% block extrahead %}
+  {{ super() }}
+
+  {# Set defaults #}
+  {% set page_title = config.site_name %}
+  {% set page_description = config.site_description %}
+  {% set page_url = page.canonical_url %}
+  {% set page_type = "website" %}
+  {% set site_name = config.site_name %}
+  {% set og_image = config.site_url ~ "assets/OG-images/Global-OG.png" %}
+
+  {# Override with page-specific values from frontmatter if they exist #}
+  {% if page and page.meta %}
+    {% if page.meta.title %}
+      {% set page_title = page.meta.title %}
+    {% elif page.title and not page.is_homepage %}
+      {% set page_title = page.title | striptags %}
+    {% endif %}
+
+    {% if page.meta.description %}
+      {% set page_description = page.meta.description %}
+    {% endif %}
+
+    {% if page.meta.og_type %}
+      {% set page_type = page.meta.og_type %}
+    {% endif %}
+
+    {% if page.meta.og_image %}
+      {% set og_image = config.site_url ~ page.meta.og_image %}
+    {% endif %}
+  {% endif %}
+
+  {# Open Graph Meta Tags #}
+  <meta property="og:type" content="{{ page_type }}" />
+  <meta property="og:title" content="{{ page_title }}" />
+  <meta property="og:description" content="{{ page_description }}" />
+  <meta property="og:url" content="{{ page_url }}" />
+  <meta property="og:site_name" content="{{ site_name }}" />
+  <meta property="og:image" content="{{ og_image }}" />
+  <meta property="og:image:type" content="image/png" />
+  <meta property="og:image:width" content="1200" />
+  <meta property="og:image:height" content="630" />
+
+  {# Twitter Card Meta Tags #}
+  <meta name="twitter:card" content="summary_large_image" />
+  <meta name="twitter:title" content="{{ page_title }}" />
+  <meta name="twitter:description" content="{{ page_description }}" />
+  <meta name="twitter:image" content="{{ og_image }}" />
+{% endblock %}