The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it.

Temporal

Talk Python Courses

Links from the show

DevSec Station Podcast: www.devsecstation.com

SheHacksPurple Newsletter: newsletter.shehackspurple.ca

owasp.org: owasp.org

owasp.org/Top10/2025: owasp.org

from here: github.com

Kinto: github.com

A01:2025 - Broken Access Control: owasp.org

A02:2025 - SecuA02 Security Misconfiguration: owasp.org

ASP.NET: ASP.NET

A03:2025 - Software Supply Chain Failures: owasp.org

A04:2025 - Cryptographic Failures: owasp.org

A05:2025 - Injection: owasp.org

A06:2025 - Insecure Design: owasp.org

A07:2025 - Authentication Failures: owasp.org

A08:2025 - Software or Data Integrity Failures: owasp.org

A09:2025 - Security Logging and Alerting Failures: owasp.org

A10 Mishandling of Exceptional Conditions: owasp.org

https://github.com/KeygraphHQ/shannon: github.com

anthropic.com/news/mozilla-firefox-security: www.anthropic.com

generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com

Python Example Concepts: blobs.talkpython.fm

Watch this episode on YouTube: youtube.com

Episode #545 deep-dive: talkpython.fm/545

Episode transcripts: talkpython.fm

🥁 Served in a Flask 🎸: talkpython.fm/flasksong

YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm

Mastodon: @[email protected]

X.com: @talkpython

Michael on Bluesky: @mkennedy.codes

Michael on Mastodon: @[email protected]

Michael on X.com: @mkennedy