Recently I was at the great FOSS conference T-DOSE to learn new tech things and meet great open-minded people. After my talk about Python Code Audit, I had a very interesting discussion about the Python assert statement with some very smart security friends.
Author: Maikel Mardjan
-
Simplifying the Stack: Start Security Testing in the Browser
Cyber security disasters still happen every day. Being security-aware is crucial, but it is not enough. So never trust, always verify!
To make security validation simple, testing applications before use is a must. However, a huge drawback is the difficulty of setting up even a few simple tests.
-
Security By Design: The Shortcut to Smarter, Safer Systems
No business is too small to attract cybercriminals. In fact, small and medium-sized businesses (SMBs) are often more appealing targets for ransomware than large, established enterprises. Limited resources, combined with access to valuable customer data, make them particularly vulnerable.
-
Simplifying Python Security: A Local-First Approach with WASM
Python code plays a central role in modern computing, yet Python applications are not immune to cybersecurity threats. Consequently, security has become a critical concern for both users and developers alike.
-
Open Security News – March 2026
While security testing is crucial for protection, identifying security defects in Python-based software requires specialised knowledge. Most security testers lack the in-depth training on Python-specific nuances that is essential for performing effective security evaluations.
In today’s digital world, cybersecurity remains a critical concern. This applies equally to the consumption and creation of Python software: preventing vulnerabilities begins with a robust architecture. However, even well-written code—including that generated by AI—is not secure by default. Python Code Audit is a vital, open-source (FOSS) tool that should be an integral part of your workflow.
-
Static Application Security Testing (SAST): Simplicity Matters
I have worked on delivering large-scale IT systems for more than 25 years. I spent my early years as an engineer, and for the last 20 years, I have worked in various architecture roles, steering development and solving complex issues. But some things never change: Cybersecurity remains a difficult and complex field. It requires expertise across many different areas, such as business and computer sciences.
-
Detection of malware or security weaknesses?
Almost all software is under attack today, yet many organisations remain unprepared in their defence. Every day, news emerges of computer systems being breached, frequently through vulnerabilities within the software itself.
-
Python Security Showdown: Which Tool Actually Protects Your Code?
On an almost daily basis, I see new Static Application Security Testing (SAST) tools emerging. Nearly all of these new solutions are powered by LLMs and offered exclusively as SaaS products.
Security is not a trivial matter. High-quality security tools are essential to protect your organisation. What is far more dangerous, however, are professional-looking cybersecurity tools that claim to deliver robust protection but, in reality, provide poor results. Tools of low quality do not just fail to protect you — they create a false sense of security. And that risk is enormous.
-
Can We Trust AI to Secure Our Python Code?
I love new technology. I also advocate for Free and Open Machine Learning/AI. I think FOSS AI/ML is crucial for everyone. See FOSS AI/ML Guide.
-
Defence in Depth in Python Security: Why Using Multiple SAST Tools Matters
Defence in depth is a core security principle that relies on multiple, independent security controls. If one fails, others detect or mitigate the threat. In Python Static Application Security Testing (SAST), depending on a single scanner creates unnecessary risk and incomplete vulnerability coverage.
