The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it.


Episode sponsors


Temporal

Talk Python Courses


Links from the show

DevSec Station Podcast: www.devsecstation.com

SheHacksPurple Newsletter: newsletter.shehackspurple.ca

owasp.org: owasp.org

owasp.org/Top10/2025: owasp.org

from here: github.com

Kinto: github.com

A01:2025 - Broken Access Control: owasp.org

A02:2025 - Security Misconfiguration: owasp.org

ASP.NET: ASP.NET

A03:2025 - Software Supply Chain Failures: owasp.org

A04:2025 - Cryptographic Failures: owasp.org

A05:2025 - Injection: owasp.org

A06:2025 - Insecure Design: owasp.org

A07:2025 - Authentication Failures: owasp.org

A08:2025 - Software or Data Integrity Failures: owasp.org

A09:2025 - Security Logging and Alerting Failures: owasp.org

A10:2025 - Mishandling of Exceptional Conditions: owasp.org

https://github.com/KeygraphHQ/shannon: github.com

anthropic.com/news/mozilla-firefox-security: www.anthropic.com

generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com

Python Example Concepts: blobs.talkpython.fm


Watch this episode on YouTube: youtube.com

Episode #545 deep-dive: talkpython.fm/545

Episode transcripts: talkpython.fm


Theme Song: Developer Rap

🥁 Served in a Flask 🎸: talkpython.fm/flasksong


---== Don't be a stranger ==---

YouTube: youtube.com/@talkpython


Bluesky: @talkpython.fm

Mastodon: @talkpython@fosstodon.org

X.com: @talkpython


Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @mkennedy@fosstodon.org

Michael on X.com: @mkennedy

The podcast and its cover image on this page belong to Michael Kennedy. The content of the podcast is created by Michael Kennedy and not by, or together with, Poddtoppen.