Maikel Mardjan
LightNews LightNews
nocomplexity.bsky.social
Maikel Mardjan
@nocomplexity.bsky.social
18 followers 34 following 78 posts
IT Architect, (System) Software Engineer, Technology Addict, IT Entrepreneur, Hacker, Track And Field Runner, and Problem solver! Simplify IT -> https://nocomplexity.com/
nocomplexity.com
Posts Media Videos Starter Packs
Pinned
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Dec 2
Security Conferences Overview
There are many...I love conferences that embrace openness. #Security #conferences that resources behind a paywall are never worth the effort.

Check: nocomplexity.com/cybersecurit...

#owasp #infosecurity #infosec #cybersecurity #freedom
1 1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 8d
In today’s world, security remains a critical concern.
Python Secure Coding Guidelines are for anyone who wants to create #Python programs that are secure by design.

Check: nocomplexity.com/python-secur...

#pycon #appsec #owasp #programming #ai #free #checklist
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 11d
Voorkom Cyber Security incidenten. Simpel en effectief.

Python Code Audit is de #1 open source oplossing om kwetsbaarheden in #Python programma’s te vinden.

organisatieontwerp.nl/codeaudit/

#informatiebeveiliging #python #appsec #cybersecurity
3
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 16d
Example of a #security disaster waiting to happen?!

Check nocomplexity.com/documents/co...
Zipfiles extraction
nocomplexity.com
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 16d
The quality of modern #Python software relies heavily on the effective use of static code analysis tools.
Never trust, always verify!
So use the #FOSS #SAST #tool #Python #Code Audit - github.com/nocomplexity...

#pythonbrasil #hw_ioNL2025 #appsec #owasp #pycon #PyTorchCon #infosec
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 22d
We believe that #security testing of #Python code should be carried out more and to a higher standard — but it should also be extremely #simple for everyone to perform. Anyone should be able to run a #SAST test quickly and easily.

github.com/nocomplexity...
#infosec #pycon #owasp #appsec #cybersec
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 25d
#Python #Code Audit includes the most comprehensive collection of #security rules for verifying secure use of Python Standard Library functions.

#free #free #free to use, it’s #oss #GPLisBack

Never #trust #python #modules, #verify #it
github.com/nocomplexity...

#PyCon #owasp
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 27d
#Python Under Fire: Hidden #Security Risks

Spot vulnerabilities with Python Code Audit, a SAST tool that makes securing your #Python #code easy and effective.
See nocomplexity.com/python-secur...

#BHEU #appsec #owasp #infosec #Pycon #TallinnDigitalSummit #PyConAfrica #UDallas #SREcon25
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 29d
Google’s CodeMender: More Dangerous Than Helpful?

nocomplexity.com/google-codem...

#infosec #google #security #cybersecurity #appsec #sast
a google logo with a cartoon character sitting in front of a computer
ALT: a google logo with a cartoon character sitting in front of a computer
media.tenor.com
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · 29d
#Static Application #Security #Testing (#SAST) is a security methodology that analyzes an application’s source code and artifacts (designs).

Advantage of SAST for #Python is automation. But do not fall for the #AI hype. nocomplexity.com/ai-sast-scan...

#owasp #appsec #infosec #ml #eff #foss #gpl
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Oct 6
Cyclomatic complexity is a software metric used to indicate the complexity of a program.

#secure software is #simple software.

Check security and #complexity for #python #software with #python #code #audit github.com/nocomplexity...

#infosec #appsec #owasp #cyber #ai #oss
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
3
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Oct 2
Most security tools only check KNOWN #vulnerabilities.

But #security scanning must be done on code! This to find #Python #code like:
import builtins
b = builtins
b.exec("2+2")

Python Code Audit finds vulnerabilities in your #Python code: github.com/nocomplexity...
#appsec #owasp #infosec #trust
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Oct 1
Goodbye Bandit, Hello Python Code Audit

nocomplexity.com/stop-using-b...

Stop Relying on Bandit->There’s a Better Way!

#pythonprogramming #infosec #owasp #python #cybersecurty #appsec #auditnow #PyTorch #ai #openai #ml #Grok #fsf #gpl #RiseAndFall
2
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 30
SAST: The Secret to #Secure Python #Apps

nocomplexity.substack.com/p/sast-the-s...

Python Code Audit - nocomplexity.com/codeaudit/ application security testing (#SAST) tool #designed for #Python programs.

#infosec #vulnerability #CyberSecurity #appsec #owasp
#oss #ossf #fsfe #gpl
1 4
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 24
The #python Connection.recv() method unpickles the #data it receives, which can be a #security risk.
#python #Code #audit checks on the multiprocessing Connection.recv() in #python code.

Static application #security #testing (SAST) is a must do!
github.com/nocomplexity...
#owasp #infosec #cve
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 23
Using #Python TarFile.extractall or TarFile.extract is #dangerous
Assume all input is #malicious.

Use nocomplexity.com/codeaudit/

#cve #infosec #cybersecurity #owasp #ai #ml #appsec
Python Code Audit – NO Complexity
nocomplexity.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 18
#python dynamic imports are a potential #security issues. Use: importlib.import_module() This offers a better way to handle dynamic imports. Avoid using __import__

Do a #sast check on the code you use. Use the #free tool nocomplexity.com/codeaudit/
#vulnerability #infosec #owasp #ransomware
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 15
Guidance on End-to-End Email #Security, #Code does not lie
, #Secure #Boot bypasses and more!

Check #Open Security News nocomplexity.com/open-securit...

#infosec #CyberSecurity #owasp #HybridPetya #Google
a long list of numbers and letters including vatcsh9335
ALT: a long list of numbers and letters including vatcsh9335
media.tenor.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 11
Never use #python pickle.load() or pickle.loads() on data received from an untrusted source. Use #python #code #audit to check your code. See github.com/nocomplexity...

#infosec #cyber #security #sasr #owasp #appsec
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 9
How to do a SAST test?
A Static Application #Security Test on #Python code is essential for security. It’s also a #shift-left practice that can help you to avoid serious security #incidents.

Check nocomplexity.com/documents/co...

#owasp #oss #psf #infosec #devopssec #ssdlc #audit #gpl
a stick figure is sitting at a desk next to a trash can with a work sign on it
ALT: a stick figure is sitting at a desk next to a trash can with a work sign on it
media.tenor.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 7
#python os.system : executing OS things can be malware.
so test on clowns!

from os import system as clown
clown('hack.now -la')

#code #audit finds this #clown, so make sure you do #security #testing with github.com/nocomplexity...

#opensource #free #validate #cybersecutity #infosec
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Sep 6
import builtins
b = builtins
b.exec("2+2")

Obfuscating usage of builtin #python calls… #Python #code #audit will find it!
use nocomplexity.com/codeaudit/
to find #security issues in Python code
#cybersecurity #infosec #sast #owasp #cwe #cve #risk #malware
homer simpson is standing in front of a building with a sign on it
ALT: homer simpson is standing in front of a building with a sign on it
media.tenor.com
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Aug 25
#Code does not lie!
#Transparency helps to improve #cybersecurity. #Security by obscurity is generally a bad security practice.
Use github.com/nocomplexity...
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
github.com
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Aug 24
The use of the #python marshal can give #security issues.

The marshal module is not intended to be secure against erroneous or #maliciously constructed data.
Use Python Code Audit nocomplexity.com/codeaudit/
#infosec #owasp #cyber
1
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Aug 21
When base encoding and #decoding is implemented, care should be taken not to introduce #vulnerabilities to buffer overflow attacks, or other attacks on the implementation.

Use #python #code #audit
nocomplexity.com/codeaudit/ We check on #Base64 use.
a green background with the words " inner atmos " written on it
ALT: a green background with the words " inner atmos " written on it
media.tenor.com
nocomplexity.bsky.social
Maikel Mardjan @nocomplexity.bsky.social · Aug 20
#security Issues in #Python are not necessarily directly #exploitable , but detected security issues are a fertile ground for #vulnerabilities to appear.

So use python #code #audit nocomplexity.com/codeaudit/
#malware #infosec #owasp #malware #cyber