NO Complexity
@nocomplexity
https://t.co/o2uLik0FG0 is all about solving Business IT related challenges for our clients, people and communities in a changing world.
Apeldoorn, Netherlands
Joined October 2015
Some #nice #Python code:
from subprocess import call as iamyourfriend
returncode = iamyourfriend(["/usr/bin/sudo", "/usr/bin/id"])
Check #code on #vulnerabilities. #AlwaysWonder Use https://t.co/vSLq9Q6k1e
#owasp #infosec #audit #sast
Static Application Security Testing (SAST) is crucial for securing Python applications. SAST testing helps proactively identify vulnerabilities directly in the source code. #pydata #pycon #owasp
https://t.co/vSLq9Q6k1e
github.com
Codeaudit - Modern Python source code analyzer based on distrust. - nocomplexity/codeaudit
Should you use GitLab's Static application security testing (SAST) for Python? Read: https://t.co/JOkjM5YwV1 Spoiler: No! Never trust, always verify so use the number one #FOSS SAST solution, Python Code Audit - https://t.co/vSLq9Q5MbG
#pydata #pycon
Python function:
def dangerous_calculator(user_input):
    print(f"Entered: {user_input}")
    exec(user_input)
Someone will do:
dangerous_calculator("__import__('os').system('rm -rf /')")
Always check code with Python Code Audit! https://t.co/vSLq9Q5MbG
#pycon #appsec #infosec #risk
Never do:
func_name = input("Enter function to run: ")
exec(f"{func_name}()")
Using `exec` in Python code is the fastest way to turn your Python script into a remote code execution vulnerability. Read: https://t.co/Fazvqr3oNP
#pycon #appsec #owasp
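The first post above imports `call` under another name, so a plain text search for `subprocess.call` or `exec(` would miss it. As an added example (not from the original posts and not Python Code Audit's implementation), here is an AST pass that resolves import aliases before matching calls; the rule sets and the `audit` helper are assumptions made for illustration.

```python
import ast

# Constructed sample: snippets quoted in the posts on this page, plus two extra lines.
SAMPLE = '''\
from subprocess import call as iamyourfriend
returncode = iamyourfriend(["/usr/bin/sudo", "/usr/bin/id"])
def dangerous_calculator(user_input):
    exec(user_input)
import random as r
token = r.random()
mod = __import__("os")
'''

# Hypothetical rule set for this example; not Python Code Audit's rules.
RISKY_BUILTINS = {"exec", "eval", "compile", "__import__"}
RISKY_MODULES = {"subprocess", "random"}

class AliasAwareVisitor(ast.NodeVisitor):
    def __init__(self):
        self.aliases = {}   # local name -> imported qualified name
        self.findings = []  # (line number, resolved call name)

    def visit_Import(self, node):
        for a in node.names:
            top = a.name.split(".")[0]
            self.aliases[a.asname or top] = a.name if a.asname else top

    def visit_ImportFrom(self, node):
        for a in node.names:
            self.aliases[a.asname or a.name] = f"{node.module or ''}.{a.name}"

    def visit_Call(self, node):
        parts, func = [], node.func
        while isinstance(func, ast.Attribute):  # unwind a.b.c() down to its root name
            parts.append(func.attr)
            func = func.value
        if isinstance(func, ast.Name):
            imported = func.id in self.aliases
            parts.append(self.aliases.get(func.id, func.id))
            name = ".".join(reversed(parts))
            # Imported roots are matched by module, bare names by builtin.
            risky = name.split(".")[0] in RISKY_MODULES if imported else name in RISKY_BUILTINS
            if risky:
                self.findings.append((node.lineno, name))
        self.generic_visit(node)

def audit(source):
    """Return (line, resolved name) for each risky call found in source."""
    visitor = AliasAwareVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings
```

Rebinding such as `f = exec` followed by `f(...)` is not tracked by this pass; it only follows import aliases.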
To mitigate potential security risks with a balanced budget, security threat modelling is critical. Use the best (free) SAST for Python https://t.co/vSLq9Q6k1e
#pydata #pycon #owasp
Every Python package that is able to dynamically load code is suspicious by default! Use https://t.co/vSLq9Q6k1e to check what happens. #pycon #python #owasp #infosec #appsec #programming #sast
20% Effort, 80% Protection: The Lazy Python Developer’s Guide to Bulletproof Code https://t.co/KPlQ0Qxdxc
#python #pydata #owasp
medium.com
What would happen if you apply the 80/20 rule on Cyber Security? The Pareto principle, also known as the 80/20 rule, states that, for many…
• https://t.co/Ca8ICJhrhO_tracing()
• sys.setprofile(), and
• sys.settrace()
These #python calls are powerful for #introspection. But they introduce significant #security and #safety risks if used improperly or #maliciously. So Use https://t.co/RrIP5cR8RS
#infosec #owasp
Is DySec the Future for securing the Python package repository? Check: https://t.co/ExJf5nyJDp
#pycon #owasp #appsec
Secure Coding Guidelines: Check and use them all! -it's free - See https://t.co/4ZetSjCCXY
#python #rustprogramming #owasp
Radical Open #Innovation News: The Anti-Ownership Ebook Economy A great read on how Publishers and #Platforms Have Reshaped the Way We Read in the Digital Age. With solutions for getting control back. Check https://t.co/RTuwdE0grm for all news bites. #cop30
PyPitfall: Dependency Chaos and Software Supply Chain Vulnerabilities in Python – A critical review Read https://t.co/dW5BMdOHjW
#python #appsec #owasp
Radical Open Innovation News: The #PyPSA meets Earth initiative works on open modelling. Check https://t.co/RTuwdE0grm for all innovation news bites. #cop30 #python #programming
#python dynamic imports are a #potential #security issue. Use: importlib.import_module() This offers a better way to handle dynamic imports. Avoid using __import__. Do a #sast check on the code you use. Use the #free tool https://t.co/RrIP5cR8RS
#vulnerability #infosec #owasp
The random module in Python is not for security or cryptographic purposes, such as generating session tokens or passwords. Use the free SAST Tool: Python Code Audit https://t.co/vSLq9Q5MbG To check on use of the random module in code #pycon #owasp #random
Python does not implement privilege separation. Once an attacker is able to execute arbitrary Python code, the attacker gets the same privileges that are used to run the program. So use Python Code Audit - an advanced SAST tool https://t.co/H7ZcV0kESj
#owasp #pycon #appsec