Maikel Mardjan

@nocomplexity

IT Architect, (System) Software Engineer, Technology Addict, IT Entrepreneur, Hacker, Track And Field Runner, and Problem solver! Simplify IT -> https://nocomplexity.com/

Joined 18.11.2024

Latest posts by Maikel Mardjan @nocomplexity

How to Avoid Fake Confidence in Python Code Security The 5 Non-Negotiable Requirements of a Serious Python SAST Scanner

How to Avoid Fake Confidence in Python Code Security
open.substack.com/pub/nocomple...

#gpl #foss #appsec #infosec

04.03.2026 21:11
Python Injection Attacks Finding eval(), exec(), and Insecure SQL Queries

Python Injection Attacks

medium.com/@maikelmardj...

#Python #pydata #pycon #owasp #cybersecurity #infosec

02.03.2026 16:17
Mastering Security Testing for Python Security Course to improve security testing knowledge and skills for Python Applications

Mastering Security Testing for Python Applications
Standard Security Testing Isn’t Enough for #Python.

securitytesting.nocomplexity.com

#CyberSecurityAwareness #odido #Odidohack

26.02.2026 21:04
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code security analyzer based on distrust.

A potential security issue or weakness is a general flaw, error, mistake or sloppy programming habit in a program's design, implementation, or operation that could lead to security problems.

So use github.com/nocomplexity...

#security #weakness #testing #odido

24.02.2026 19:32
Security Reference Architecture Develop superior security solutions with greater speed and efficiency. Leverage proven, open-source frameworks for your specific requirements. This Playbook is designed to help you navigate and resolve...

#Cybersecurity is often surrounded by myths and perceived as an impossibly complex domain.

This guide is targeted for reuse to solve your cybersecurity challenge. #open and simple solutions.
Free to read at nocomplexity.com/simplify-sec...

Or check

nocomplexity.gumroad.com/l/SecurityAr...

17.02.2026 21:23

Securing your code isn’t just about who gets in—it’s about what gets out.

#Python Code Audit External Egress Detection feature is vital for security and prevention of data leaks.

Try it out!
github.com/nocomplexity...

#Pycon #AppSec #CyberSecurity #DataProtection

15.02.2026 18:19

Cyber protection can be better and simpler. SBOMs describe what ends up in software, not how it got there. Having an SBOM does not make your software secure! Doing a SAST scan on software before using it is simple and gives real insights.

Code does not lie.
github.com/nocomplexity...

#pydata

11.02.2026 11:04
From Vulnerable to Verifiable: Master Python File I/O Today How To Open a file securely

From Vulnerable to Verifiable: Master Python File I/O Today
How To Open a file securely

open.substack.com/pub/nocomple...

#pycon #pydata #owasp #infosec

10.02.2026 18:40

Never trust #Python importlib.import_module in programs of others!

Allowing dynamic module imports makes it easy to execute arbitrary code.

Possible mitigation: Use the Python Code Audit to check the code upfront! github.com/nocomplexity...

#security #infosec #owasp #vulnerability

02.02.2026 19:05

#fosdem 2026 was again a great party for all #FOSS addicts.

FOSDEM is still the #1 FOSS conference for developers to learn and meet like-minded people.

This year with a great talk of @agoose77.bsky.social on things possible with #JupyterBook (version 2!)
Check it out on jupyterbook.org

02.02.2026 18:25

Many Python code weaknesses are detected in the #Open Source Python SAST tool, Python Code Audit

github.com/nocomplexity...

#fosdem #pydata #infosec #owasp

29.01.2026 19:00

I checked more than 1200 URLs on validity. Great new input is added!

This guide is to solve your most complex security challenges using practical, proven strategies.

Free at nocomplexity.com/documents/se...
Or as PDF on

nocomplexity.gumroad.com/l/SecurityAr...
#infosec #fosdem #cybersecurity

28.01.2026 18:18
Why ‘Zero Trust’ is Mostly Just Zero Transparency FOSS: The Only Cybersecurity You Can Actually Trust.

Why ‘Zero Trust’ is Mostly Just Zero Transparency

FOSS: The Only Cybersecurity You Can Actually Trust? Still never trust, always verify!
open.substack.com/pub/nocomple...

#trust #gpl #foss #opensource #cybersecurity

27.01.2026 19:04
From Hours to Seconds: Automating Python Security with AI? The Truth About AI Python Security Tools: A Balanced Deep Dive.

From Hours to Seconds: Automating Python Security with AI?

The Truth About AI Python Security Tools: A Balanced Deep Dive.

open.substack.com/pub/nocomple...

#fosdem #python #gemeni #openai

26.01.2026 19:03
Defence in Depth in Python Security: Why Using Multiple SAST Tools Matters Defence in depth is a core security principle that relies on multiple, independent security controls.

Defence in Depth in Python Security: Why Using Multiple SAST Tools Matters

open.substack.com/pub/nocomple...

#python #security #gpl #foss

21.01.2026 18:23
How to Stop Directory Traversal Attacks in Python The Danger of Directory Traversal

How to Stop Directory Traversal Attacks in Python -
The Danger of Directory Traversal

open.substack.com/pub/nocomple...

#python #appsec #programming

19.01.2026 18:56
ALT: a penguin wearing glasses has a stack of books on his head and the words always be learning behind him

Sha256 algorithm explained, The Illustrated TLS 1.3 Connection, OWASP Juice Shop and more free #CyberSecurity courses!

nocomplexity.com/documents/se...

Input? Let me know!
#owasp #free #Learning

18.01.2026 19:43
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.

I advocate for ‘simple’ Open Cybersecurity solutions. At minimum, this means #opensource software with maintainable code and a security.md file that makes reporting vulnerabilities possible in under 10 seconds!

github.com/nocomplexity...

#fosdem #security #pycon

15.01.2026 20:02

DO NOT rely on SAST #security scanners that are powered by AI-agents to solve cyber security problems!

Most are just far from good enough.

In the best case scenario, you’ll only be disappointed. But the risk of a false sense of security is enormous.

Use github.com/nocomplexity...

09.01.2026 18:22
A Data-Driven Analysis of PyCon Talks on security According to many statistics, Python is the number-one programming language in use today, largely due to the rise of AI and machine learning research, data analysis, and related applications.

I was curious to know how many security-related talks are held at large Python conferences, so I analysed the largest PyCon conferences of the last few years.

open.substack.com/pub/nocomple...

#pycon #owasp #appsec

08.01.2026 20:48
The Fastest Way to Validate External Python Modules The Secret to Instant Security Validation Without the Headache

The Fastest Way to Validate External Python Modules
Instant #python Security Validation Without a #Headache

open.substack.com/pub/nocomple...

#cyber #pycon #appsec #owasp

07.01.2026 17:44

Python Code goes through parsing, compilation and execution. Python's execution model combines interpretation with compilation.

Python’s popularity makes it a target for malicious actors:

Python code is not secure by default!

codeaudit.nocomplexity.com
#CPython #owasp #pycon

06.01.2026 19:40

#python #programming #coding #cybersecurity

05.01.2026 18:25

Python security is gaining attention due to the still rising usage. Python can be considered a secure language, yet Python applications are susceptible to common security flaws.

github.com/nocomplexity...

#pycon #fosdem #owasp

05.01.2026 18:25
Avoid Python SAST scanners based on AI What happened with blockchain technology is also happening with AI technology.

Avoid Python SAST scanners based on AI
open.substack.com/pub/nocomple...

#pydata #pycon #fosdem

30.12.2025 18:59
The 2026 SAST Shortlist: What’s Actually Worth Using? The Secret to Shifting Left in 2026: Modern Python SAST

The 2026 SAST Shortlist: What’s Actually Worth Using?
Spoiler …there is not so much choice…

open.substack.com/pub/nocomple...

24.12.2025 17:44

#Python function:
def dangerous_calculator(user_input):
    print(f"Entered: {user_input}")
    exec(user_input)

Someone will do:
dangerous_calculator("__import__('os').system('rm -rf /')")

Always check code with Python Code Audit!
github.com/nocomplexity...

#infosec #owasp #pycon #programming

02.12.2025 18:03

Never do:

func_name = input("Enter function to run: ")
exec(f"{func_name}()")

Using `exec` in Python code is the fastest way to turn your Python script into a remote code execution vulnerability.

Read: nocomplexity.com/exec-in-pyth...

#python #pycon #owasp #appsec #infosec

27.11.2025 19:03

#Threatmodelling is identifying and analysing potential security threats and vulnerabilities in a system, application, or network.

To mitigate potential security risks with a balanced budget, security threat modelling is critical.
Use the (free) SAST for #Python nocomplexity.com/codeaudit/

#owasp

25.11.2025 17:44

Every Python package that is able to dynamically load code is suspicious by default! Use github.com/nocomplexity... to check what happens.

#pycon #python #owasp #infosec #appsec #programming #sast

24.11.2025 19:31