Maikel Mardjan
@nocomplexity.bsky.social
IT Architect, (System) Software Engineer, Technology Addict, IT Entrepreneur, Hacker, Track And Field Runner, and Problem solver!
Simplify IT -> https://nocomplexity.com/
Pinned
Security Conferences Overview
There are many... I love conferences that embrace openness. #Security #conferences that put resources behind a paywall are never worth the effort.
Check: nocomplexity.com/cybersecurit...
#owasp #infosecurity #infosec #cybersecurity #freedom
The random module in Python is not for security or cryptographic purposes, such as generating session tokens or passwords.
Use the #free SAST Tool:
Python Code Audit - github.com/nocomplexity...
To check on use of the random module in #code
#pycon #owasp #random #infosec #cyber
GitHub - nocomplexity/codeaudit: Codeaudit - Modern Python source code analyzer based on distrust.
November 10, 2025 at 8:39 PM
Python does not implement privilege separation. Once an attacker is able to execute arbitrary Python code, the attacker gets the same privileges that are used to run the program.
So use Python Code Audit - an advanced SAST tool github.com/nocomplexity...
#owasp #pycon #appsec
November 9, 2025 at 6:54 PM
In today’s world, security remains a critical concern.
Python Secure Coding Guidelines are for anyone who wants to create #Python programs that are secure by design.
Check: nocomplexity.com/python-secur...
#pycon #appsec #owasp #programming #ai #free #checklist
October 28, 2025 at 5:47 PM
Prevent cyber security incidents. Simple and effective.
Python Code Audit is the #1 open source solution for finding vulnerabilities in #Python programs.
organisatieontwerp.nl/codeaudit/
#informatiebeveiliging #python #appsec #cybersecurity
October 25, 2025 at 5:16 PM
The quality of modern #Python software relies heavily on the effective use of static code analysis tools.
Never trust, always verify!
So use the #FOSS #SAST #tool #Python #Code Audit - github.com/nocomplexity...
#pythonbrasil #hw_ioNL2025 #appsec #owasp #pycon #PyTorchCon #infosec
October 20, 2025 at 6:17 PM
We believe that #security testing of #Python code should be carried out more and to a higher standard — but it should also be extremely #simple for everyone to perform. Anyone should be able to run a #SAST test quickly and easily.
github.com/nocomplexity...
#infosec #pycon #owasp #appsec #cybersec
October 14, 2025 at 7:57 PM
#Python #Code Audit includes the most comprehensive collection of #security rules for verifying secure use of Python Standard Library functions.
#free #free #free to use, it’s #oss #GPLisBack
Never #trust #python #modules, #verify #it
github.com/nocomplexity...
#PyCon #owasp
October 11, 2025 at 8:38 PM
#Python Under Fire: Hidden #Security Risks
Spot vulnerabilities with Python Code Audit, a SAST tool that makes securing your #Python #code easy and effective.
See nocomplexity.com/python-secur...
#BHEU #appsec #owasp #infosec #Pycon #TallinnDigitalSummit #PyConAfrica #UDallas #SREcon25
October 9, 2025 at 7:38 PM
Google’s CodeMender: More Dangerous Than Helpful?
nocomplexity.com/google-codem...
#infosec #google #security #cybersecurity #appsec #sast
October 7, 2025 at 7:58 PM
#Static Application #Security #Testing (#SAST) is a security methodology that analyzes an application’s source code and artifacts (designs).
Advantage of SAST for #Python is automation. But do not fall for the #AI hype. nocomplexity.com/ai-sast-scan...
#owasp #appsec #infosec #ml #eff #foss #gpl
October 7, 2025 at 4:05 PM
Cyclomatic complexity is a software metric used to indicate the complexity of a program.
#secure software is #simple software.
Check security and #complexity for #python #software with #python #code #audit github.com/nocomplexity...
#infosec #appsec #owasp #cyber #ai #oss
October 6, 2025 at 7:23 PM
Most security tools only check KNOWN #vulnerabilities.
But #security scanning must be done on code! This is to find #Python #code like:
import builtins
b = builtins
b.exec("2+2")
Python Code Audit finds vulnerabilities in your #Python code: github.com/nocomplexity...
#appsec #owasp #infosec #trust
October 2, 2025 at 5:27 PM
Goodbye Bandit, Hello Python Code Audit
nocomplexity.com/stop-using-b...
Stop Relying on Bandit -> There’s a Better Way!
#pythonprogramming #infosec #owasp #python #cybersecurty #appsec #auditnow #PyTorch #ai #openai #ml #Grok #fsf #gpl #RiseAndFall
October 1, 2025 at 5:58 PM
SAST: The Secret to #Secure Python #Apps
nocomplexity.substack.com/p/sast-the-s...
Python Code Audit - nocomplexity.com/codeaudit/ application security testing (#SAST) tool #designed for #Python programs.
#infosec #vulnerability #CyberSecurity #appsec #owasp
#oss #ossf #fsfe #gpl
September 30, 2025 at 6:59 PM
The #python Connection.recv() method unpickles the #data it receives, which can be a #security risk.
#python #Code #audit checks on the multiprocessing Connection.recv() in #python code.
Static application #security #testing (SAST) is a must do!
github.com/nocomplexity...
#owasp #infosec #cve
September 24, 2025 at 7:56 PM
Using #Python TarFile.extractall or TarFile.extract is #dangerous
Assume all input is #malicious.
Use nocomplexity.com/codeaudit/
#cve #infosec #cybersecurity #owasp #ai #ml #appsec
September 23, 2025 at 5:25 PM
#python dynamic imports are a potential #security issue. Use importlib.import_module(): this offers a better way to handle dynamic imports. Avoid using __import__.
Do a #sast check on the code you use. Use the #free tool nocomplexity.com/codeaudit/
#vulnerability #infosec #owasp #ransomware
September 18, 2025 at 6:07 PM
Guidance on End-to-End Email #Security, #Code does not lie, #Secure #Boot bypasses and more!
Check #Open Security News nocomplexity.com/open-securit...
#infosec #CyberSecurity #owasp #HybridPetya #Google
September 15, 2025 at 6:14 AM
Never use #python pickle.load() or pickle.loads() on data received from an untrusted source. Use #python #code #audit to check your code. See github.com/nocomplexity...
#infosec #cyber #security #sasr #owasp #appsec
September 11, 2025 at 7:17 PM
How to do a SAST test?
A Static Application #Security Test on #Python code is essential for security. It’s also a #shift-left practice that can help you to avoid serious security #incidents.
Check nocomplexity.com/documents/co...
#owasp #oss #psf #infosec #devopssec #ssdlc #audit #gpl
September 9, 2025 at 5:58 PM
#python os.system : executing OS things can be malware.
so test on clowns!
from os import system as clown
clown('hack.now -la')
#code #audit finds this #clown, so make sure you do #security #testing with github.com/nocomplexity...
#opensource #free #validate #cybersecutity #infosec
September 7, 2025 at 5:23 PM
import builtins
b = builtins
b.exec("2+2")
Obfuscating usage of builtin #python calls… #Python #code #audit will find it!
use nocomplexity.com/codeaudit/
to find #security issues in Python code
#cybersecurity #infosec #sast #owasp #cwe #cve #risk #malware
September 6, 2025 at 5:17 PM
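The aliasing in the builtins post above and in the earlier os.system "clown" post hides the call name from a plain text search, so a static check has to resolve names before matching. The following is an added example, not code from Python Code Audit or from the posts' author; the names AliasAwareFinder, scan and RISKY are assumptions made for this illustration, and the two samples are the snippets quoted in those posts (they are parsed, never executed).

```python
import ast

# Constructed watch list for this example: fully qualified names to flag.
RISKY = {"builtins.exec", "builtins.eval", "os.system"}
BARE_BUILTINS = {"exec", "eval"}  # usable without any import

class AliasAwareFinder(ast.NodeVisitor):
    """Hypothetical checker: resolves import and assignment aliases, then
    matches calls. Tracks straight-line code in one namespace only."""

    def __init__(self):
        self.aliases = {}   # local name -> qualified name it stands for
        self.findings = []  # (line number, qualified name)

    def visit_Import(self, node):
        for a in node.names:
            # "import os.path" binds "os"; "import builtins as b" binds "b".
            local = a.asname or a.name.split(".")[0]
            self.aliases[local] = a.name if a.asname else local

    def visit_ImportFrom(self, node):
        if node.module and node.level == 0:
            for a in node.names:
                self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def resolve(self, node):
        """Return the qualified name an expression refers to, or None."""
        if isinstance(node, ast.Name):
            if node.id in self.aliases:
                return self.aliases[node.id]
            return f"builtins.{node.id}" if node.id in BARE_BUILTINS else None
        if isinstance(node, ast.Attribute):
            base = self.resolve(node.value)
            return f"{base}.{node.attr}" if base else None
        return None

    def visit_Assign(self, node):
        self.generic_visit(node)            # calls on the right-hand side
        target = self.resolve(node.value)   # e.g. "b = builtins"
        for t in node.targets:
            if isinstance(t, ast.Name):
                if target:
                    self.aliases[t.id] = target
                else:
                    self.aliases.pop(t.id, None)  # rebound to something else

    def visit_Call(self, node):
        name = self.resolve(node.func)
        if name in RISKY:
            self.findings.append((node.lineno, name))
        self.generic_visit(node)

def scan(source):
    """Parse source text (without running it) and return the findings."""
    finder = AliasAwareFinder()
    finder.visit(ast.parse(source))
    return finder.findings

# Snippets quoted in the posts, embedded as strings.
SAMPLE_BUILTINS = 'import builtins\nb = builtins\nb.exec("2+2")\n'
SAMPLE_CLOWN = "from os import system as clown\nclown('hack.now -la')\n"

if __name__ == "__main__":
    for sample in (SAMPLE_BUILTINS, SAMPLE_CLOWN):
        print(scan(sample))
```

The string "os.system" never appears in the second sample, which is why the check works on resolved names rather than on source text.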
#Code does not lie!
#Transparency helps to improve #cybersecurity. #Security by obscurity is generally a bad security practice.
Use github.com/nocomplexity...
August 25, 2025 at 6:12 PM
The use of the #python marshal can give #security issues.
The marshal module is not intended to be secure against erroneous or #maliciously constructed data.
Use Python Code Audit nocomplexity.com/codeaudit/
#infosec #owasp #cyber
August 24, 2025 at 5:01 PM
When base encoding and #decoding is implemented, care should be taken not to introduce #vulnerabilities to buffer overflow attacks, or other attacks on the implementation.
Use #python #code #audit
nocomplexity.com/codeaudit/ We check on #Base64 use.
August 21, 2025 at 7:40 PM