# Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks - ASW #366

- Page: https://stenobird.com/podcast/application-security-weekly-audio-436682/lessons-from-mongobleed-cwe-top-25-and-secure-coding-benchmarks-asw-366
- Text version: https://stenobird.com/podcast/application-security-weekly-audio-436682/lessons-from-mongobleed-cwe-top-25-and-secure-coding-benchmarks-asw-366.md
- Podcast: [Application Security Weekly (Audio)](https://stenobird.com/podcast/application-security-weekly-audio-436682)
- Published: 2026-01-20T10:00:00+00:00
- Episode link: https://aswaudio.libsyn.com/lessons-from-mongobleed-cwe-top-25-and-secure-coding-benchmarks-asw-366
- Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_366_1--93d99b9b-4864-46dc-8a86-7c437511631e--audio-converted--c81a3a3c-4e25-43d5-aa11-47b224091289.mp3?dest-id=626765
- Processing state: not_requested
- JSON: https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/lessons-from-mongobleed-cwe-top-25-and-secure-coding-benchmarks-asw-366
- Duration seconds: 2645

## Resource

MongoBleed and a recent OWASP CRS bypass show how parsing problems remain a source of security flaws regardless of programming language. We talk with Kalyani Pawar about how these problems rank against the Top 25 CWEs for 2025 and what it means for relying on LLMs to generate code.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-366

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/lessons-from-mongobleed-cwe-top-25-and-secure-coding-benchmarks-asw-366/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/application-security-weekly-audio-436682/lessons-from-mongobleed-cwe-top-25-and-secure-coding-benchmarks-asw-366.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.