#545: OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it.

Episode sponsors

Temporal
Talk Python Courses

Links from the show DevSec Station Podcast: www.devsecstation.com
SheHacksPurple Newsletter: newsletter.shehackspurple.ca
owasp.org: owasp.org
owasp.org/Top10/2025: owasp.org
from here: github.com
Kinto: github.com
A01:2025 - Broken Access Control: owasp.org
A02:2025 - SecuA02 Security Misconfiguration: owasp.org
ASP.NET: ASP.NET
A03:2025 - Software Supply Chain Failures: owasp.org
A04:2025 - Cryptographic Failures: owasp.org
A05:2025 - Injection: owasp.org
A06:2025 - Insecure Design: owasp.org
A07:2025 - Authentication Failures: owasp.org
A08:2025 - Software or Data Integrity Failures: owasp.org
A09:2025 - Security Logging and Alerting Failures: owasp.org
A10 Mishandling of Exceptional Conditions: owasp.org
https://github.com/KeygraphHQ/shannon: github.com
anthropic.com/news/mozilla-firefox-security: www.anthropic.com
generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com
Python Example Concepts: blobs.talkpython.fm

Watch this episode on YouTube: youtube.com
Episode #545 deep-dive: talkpython.fm/545
Episode transcripts: talkpython.fm

Theme Song: Developer Rap
🥁 Served in a Flask 🎸: talkpython.fm/flasksong

---== Don't be a stranger ==---
YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm
Mastodon: @[email protected]
X.com: @talkpython

Michael on Bluesky: @mkennedy.codes
Michael on Mastodon: @[email protected]
Michael on X.com: @mkennedy