A deep-dive episode of Talk Python To Me covering the 2025 OWASP Top 10 with Tanya Janca (SheHacksPurple). The episode walks through all ten categories with Python-specific examples: broken access control in Django views, security misconfigurations like DEBUG=True in production and Docker port exposure bypassing UFW, expanded supply chain failures (pin deps with uv lock, run pip-audit in CI, avoid auto-updates), cryptographic failures (use Argon2, not MD5/SHA-1), injection risks including MongoDB operator injection and unsafe pickle/YAML deserialization, insecure design, authentication failures (don't roll your own auth), data integrity failures (use SRI hashes on CDN scripts), security logging gaps, and the brand-new #10: mishandling of exceptional conditions. Bonus topics include vibe coding risks, AI-generated insecure code, and a structured three-tier prompt library at securemyvibe.ca to bake security into AI-assisted development.
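The MongoDB operator injection risk mentioned above comes from pymongo building a filter out of whatever Python objects the request handler passes it, so a JSON object in place of a string becomes a query operator. The following is an added example (not code from the episode or from Talk Python) of boundary validation for a login request body; the request bodies are constructed samples and no database connection is needed.

```python
"""Boundary validation against MongoDB operator injection (added example)."""
import json
from typing import Any


class UnsafeQueryInput(ValueError):
    """Raised when client-controlled data could change query semantics."""


def contains_operator(value: Any) -> bool:
    """Recursively flag keys MongoDB would treat as operators ($ne, $gt, ...) or field paths (a.b)."""
    if isinstance(value, dict):
        return any(k.startswith("$") or "." in k or contains_operator(v) for k, v in value.items())
    if isinstance(value, list):
        return any(contains_operator(v) for v in value)
    return False


def require_strings(payload: dict, fields: tuple[str, ...]) -> dict[str, str]:
    """Return the named fields, refusing anything that is not a plain string.

    Type-checking at the boundary removes the ambiguity: a dict or list can
    never reach the driver, so it can never be interpreted as an operator.
    """
    out: dict[str, str] = {}
    for name in fields:
        value = payload.get(name)
        if not isinstance(value, str):
            raise UnsafeQueryInput(f"field {name!r} must be a string, got {type(value).__name__}")
        out[name] = value
    return out


def build_login_filter(raw_body: str) -> dict[str, str]:
    """Parse a login request body and return a safe pymongo filter."""
    payload = json.loads(raw_body)
    if not isinstance(payload, dict) or contains_operator(payload):
        raise UnsafeQueryInput("operator-like keys in request body")
    creds = require_strings(payload, ("username", "password"))
    # Look the user up by username only; verify the password afterwards with a
    # slow hash such as Argon2. The password never becomes part of the filter.
    return {"username": creds["username"]}


if __name__ == "__main__":
    print(build_login_filter('{"username": "alice", "password": "s3cret"}'))
    for bad in ('{"username": "alice", "password": {"$ne": ""}}',
                '{"username": ["alice", "bob"], "password": "x"}'):
        try:
            build_login_filter(bad)
        except UnsafeQueryInput as exc:
            print("rejected:", exc)
```

Both the recursive operator scan and the string type check are kept because each catches inputs the other does not: a list value carries no operator but is still not a username.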

1h 28m, from talkpython.fm