{
  "podcast": {
    "title": "Talk Python To Me",
    "slug": "talk-python-to-me",
    "podcast_index_feed_id": 742305,
    "rss_url": "https://talkpython.fm/episodes/rss",
    "website_url": "https://talkpython.fm/",
    "image_url": "https://cdn-podcast.talkpython.fm/static/img/talk-python-3000.jpg",
    "author": "Michael Kennedy",
    "episode_count": 546,
    "summary": "Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.",
    "last_synced_at": null,
    "page_url": "https://stenobird.com/podcast/talk-python-to-me"
  },
  "episode": {
    "title": "#545: OWASP Top 10 (2025 List) for Python Devs",
    "slug": "545-owasp-top-10-2025-list-for-python-devs",
    "published_at": "2026-04-16T20:24:50+00:00",
    "page_url": "https://stenobird.com/podcast/talk-python-to-me/545-owasp-top-10-2025-list-for-python-devs",
    "show_page_url": "https://stenobird.com/podcast/talk-python-to-me",
    "url": "https://talkpython.fm/episodes/show/545/owasp-top-10-2025-list-for-python-devs",
    "audio_url": "https://talkpython.fm/episodes/download/545/owasp-top-10-2025-list-for-python-devs.mp3",
    "summary": "Explore the critical updates in the 2025 OWASP Top 10, focusing on new threats like supply chain attacks and improper exception handling. The discussion features a live demonstration of using Claude Code to identify vulnerabilities in real-world Python projects.",
    "meta_description": "Learn about the 2025 OWASP Top 10 updates, software supply chain security, and using AI agents like Claude Code to find vulnerabilities in Python code.",
    "key_points": [
      "Main idea: The 2025 OWASP update introduces significant shifts in how we categorize threats, specifically regarding supply chain integrity",
      "Failure mode: Relying on UFW (Uncomplicated Firewall) in Docker environments can create a false sense of security, as Docker bypasses many standard iptables rules",
      "Practical takeaway: When using AI coding agents, you must provide explicit security requirements rather than just asking for 'secure code' to avoid critical vulnerabilities",
      "Main idea: Software supply chain security extends beyond libraries to include your entire development environment, including browsers and plugins",
      "Practical takeaway: Use OWASP cheat sheets for specific implementation details like authentication and authorization to ensure standardized security"
    ],
    "chapters": [
      {
        "start_ms": 655000,
        "title": "The 2025 OWASP Top 10 Evolution",
        "summary": "An overview of the recent updates to the OWASP Top 10 and the community feedback process that shaped the new list."
      },
      {
        "start_ms": 940000,
        "title": "The Danger of Outdated Components",
        "summary": "A case study on how an outdated media player vulnerability led to a full-scale network compromise and credential theft."
      },
      {
        "start_ms": 1830000,
        "title": "The Docker Firewall Trap",
        "summary": "A deep dive into why standard Linux firewalls like UFW often fail to protect exposed database ports in Dockerized environments."
      },
      {
        "start_ms": 2140000,
        "title": "Securing the Software Supply Chain",
        "summary": "Defining the modern attack surface, including the tools, browsers, and packages used in the development lifecycle."
      },
      {
        "start_ms": 2450000,
        "title": "The Shift in Update Best Practices",
        "summary": "Why the 'always auto-update to latest' strategy is no longer the gold standard for security."
      },
      {
        "start_ms": 3655000,
        "title": "AI Agents as Security Auditors",
        "summary": "Testing Claude Code on a vulnerable project to see how AI can identify and help remediate security flaws."
      }
    ],
    "topics": [
      "OWASP Top 10",
      "Python Security",
      "Software Supply Chain",
      "Docker Networking",
      "AI Coding Agents",
      "Vulnerability Assessment",
      "Cybersecurity Best Practices"
    ],
    "duration_seconds": 3963,
    "processing_state": "processed",
    "actions": [
      {
        "name": "request_transcript",
        "method": "POST",
        "url": "https://stenobird.com/v1/public/podcasts/talk-python-to-me/episodes/545-owasp-top-10-2025-list-for-python-devs/transcription-requests",
        "description": "Idempotently request low-priority transcript generation for this episode."
      },
      {
        "name": "read_markdown",
        "method": "GET",
        "url": "https://stenobird.com/podcast/talk-python-to-me/545-owasp-top-10-2025-list-for-python-devs.md",
        "description": "Read the agent-friendly Markdown representation of this episode resource."
      }
    ]
  }
}