Listen to the episode on your favorite platforms:
The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it.
Episode sponsors
Temporal
Talk Python Courses
SheHacksPurple Newsletter: newsletter.shehackspurple.ca
owasp.org: owasp.org
owasp.org/Top10/2025: owasp.org
from here: github.com
Kinto: github.com
A25 - Broken Access Control: owasp.org
A25 - SecuA02 Security Misconfiguration: owasp.org
ASP.NET: ASP.NET
A25 - Software Supply Chain Failures: owasp.org
A25 - Cryptographic Failures: owasp.org
A25 - Injection: owasp.org
A25 - Insecure Design: owasp.org
A25 - Authentication Failures: owasp.org
A25 - Software or Data Integrity Failures: owasp.org
A25 - Security Logging and Alerting Failures: owasp.org
A10 Mishandling of Exceptional Conditions: owasp.org
https://github.com/KeygraphHQ/shannon: github.com
anthropic.com/news/mozilla-firefox-security: www.anthropic.com
generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com
Python Example Concepts: blobs.talkpython.fm
Watch this episode on YouTube: youtube.com
Episode #545 deep-dive: talkpython.fm/545
Episode transcripts: talkpython.fm
Theme Song: Developer Rap
🥁 Served in a Flask 🎸: talkpython.fm/flasksong
---== Don't be a stranger ==---
YouTube: youtube.com/@talkpython
Bluesky: @talkpython.fm
Mastodon: @talkpython@fosstodon.org
X.com: @talkpython
Michael on Bluesky: @mkennedy.codes
Michael on Mastodon: @mkennedy@fosstodon.org
Michael on X.com: @mkennedy
Episode sponsors
Temporal
Talk Python Courses
Links from the show
DevSec Station Podcast: www.devsecstation.comSheHacksPurple Newsletter: newsletter.shehackspurple.ca
owasp.org: owasp.org
owasp.org/Top10/2025: owasp.org
from here: github.com
Kinto: github.com
A25 - Broken Access Control: owasp.org
A25 - SecuA02 Security Misconfiguration: owasp.org
ASP.NET: ASP.NET
A25 - Software Supply Chain Failures: owasp.org
A25 - Cryptographic Failures: owasp.org
A25 - Injection: owasp.org
A25 - Insecure Design: owasp.org
A25 - Authentication Failures: owasp.org
A25 - Software or Data Integrity Failures: owasp.org
A25 - Security Logging and Alerting Failures: owasp.org
A10 Mishandling of Exceptional Conditions: owasp.org
https://github.com/KeygraphHQ/shannon: github.com
anthropic.com/news/mozilla-firefox-security: www.anthropic.com
generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com
Python Example Concepts: blobs.talkpython.fm
Watch this episode on YouTube: youtube.com
Episode #545 deep-dive: talkpython.fm/545
Episode transcripts: talkpython.fm
Theme Song: Developer Rap
🥁 Served in a Flask 🎸: talkpython.fm/flasksong
---== Don't be a stranger ==---
YouTube: youtube.com/@talkpython
Bluesky: @talkpython.fm
Mastodon: @talkpython@fosstodon.org
X.com: @talkpython
Michael on Bluesky: @mkennedy.codes
Michael on Mastodon: @mkennedy@fosstodon.org
Michael on X.com: @mkennedy
Smart linkhttps://podcast.ru/e/.6G8GxOsTZw
Official sitehttps://talkpython.fm/
Auto-openhttps://podcast.ru/e/.6G8GxOsTZw?a
Add podcast to the siteEmbed Podcast