Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks – ASW #366
MongoBleed and a recent OWASP CRS bypass show how parsing problems remain a source of security flaws regardless of programming language. We talk with Kalyani Pawar about how these problems rank against the Top 25 CWEs for 2025 and what it means for relying on LLMs to generate code.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Mike Shema
- CVE-2026-21876: Critical Multipart Charset Bypass Fixed in CRS 4.22.0 and 3.3.8
- MongoBleed: Critical MongoDB Vulnerability CVE-2025-14847 | Wiz Blog
Are you parsing something or compressing something? Because those are two areas that seem to be rife with vulns.
- 2025 CWE Top 25 Most Dangerous Software Weaknesses
Check out CISA's overview of the list, too.
- The State of Secure Coding Benchmarks: SecCodeBench – Blog – Corridor
- The Total Cost of AI Ownership: The Costs Not on Your… | Bishop Fox
- COOL: How Benn Jordan Discovered Flock’s Cameras Were Left Streaming to the Internet
- FYI: Top 10 web hacking techniques of 2025: call for nominations | PortSwigger Research
- HISTORY: Hacker’s Manifesto
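The remark above about parsing and compressing being rife with vulns describes a bug class rather than a mechanism, so here is an added illustration in Python. It is not code from the episode, from MongoDB, from OWASP CRS or from any of the linked posts, and it is not a reconstruction of how either CVE actually works. It assumes a toy wire format, invented for the example: a 4-byte big-endian declared uncompressed length followed by a zlib stream. The vulnerable decoder trusts the declared length and hands back the whole buffer it allocated; the hardened decoder caps the declared length, inflates at most one byte more than declared, and accepts only a stream that ends exactly where the header says it does.

```python
import struct
import zlib

# Constructed toy wire format (an assumption for this example, not any real protocol):
#   4-byte big-endian declared uncompressed length, followed by a zlib stream.
HEADER = struct.Struct(">I")
MAX_UNCOMPRESSED = 1 << 20  # cap so a hostile header cannot force a huge allocation


def encode(payload: bytes, declared_len: int = -1) -> bytes:
    """Build a message; declared_len lets the caller lie about the size, as an attacker would."""
    if declared_len < 0:
        declared_len = len(payload)
    return HEADER.pack(declared_len) + zlib.compress(payload)


def decode_trusting(msg: bytes) -> bytes:
    """Vulnerable decoder: allocates the declared size and returns the whole buffer,
    regardless of how many bytes the stream actually inflated to."""
    declared = HEADER.unpack_from(msg, 0)[0]
    # 0xCC stands in for stale heap contents; a native implementation would hand
    # back whatever the allocator left in the unfilled tail of the buffer.
    buf = bytearray(b"\xcc" * declared)
    inflated = zlib.decompress(msg[HEADER.size:])
    buf[:len(inflated)] = inflated  # Python grows the bytearray if inflated is longer; C would overflow
    return bytes(buf)


def decode_checked(msg: bytes) -> bytes:
    """Hardened decoder: bounds the declared length, inflates at most declared+1 bytes,
    and accepts only a stream whose inflated length equals the declaration."""
    declared = HEADER.unpack_from(msg, 0)[0]
    if declared > MAX_UNCOMPRESSED:
        raise ValueError("declared length exceeds cap")
    d = zlib.decompressobj()
    # Ask for one byte more than declared so an over-long stream is detected
    # without inflating it in full.
    inflated = d.decompress(msg[HEADER.size:], max_length=declared + 1)
    if len(inflated) != declared or not d.eof:
        raise ValueError("inflated length does not match declared length")
    return inflated


def rejects(msg: bytes) -> bool:
    """True if the hardened decoder refuses the message (bad length or bad stream)."""
    try:
        decode_checked(msg)
    except (ValueError, zlib.error):
        return True
    return False


if __name__ == "__main__":
    honest = encode(b"hello")
    over_declared = encode(b"hello", declared_len=32)       # claims 32 bytes, carries 5
    under_declared = encode(b"hello world", declared_len=5)  # claims 5 bytes, carries 11
    print(decode_trusting(over_declared))  # b'hello' followed by 27 bytes of stale buffer
    print(decode_checked(honest), rejects(over_declared), rejects(under_declared))
```

The two checks that matter are the ones a decompression routine is most likely to skip: comparing the number of bytes actually produced against the number the header promised, and refusing to inflate past that promise. Compare the output length, not just whether decompression reported success.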