Tag: Software

  • Open Security News – March 2026

    While security testing is crucial for protection, identifying security defects in Python-based software requires specialised knowledge. Most security testers lack the in-depth training on Python-specific nuances that is essential for performing effective security evaluations.

    In today’s digital world, cybersecurity remains a critical concern. This applies equally to the consumption and creation of Python software: preventing vulnerabilities begins with a robust architecture. However, even well-written code—including that generated by AI—is not secure by default. Python Code Audit is a vital, open-source (FOSS) tool that should be an integral part of your workflow.

    (more…)

  • exec() in Python: Simple & smart or Career-Ending Mistake?

    Python is the most widely used programming language worldwide. Its clear syntax, extensive libraries, and adaptability make it suitable for beginners, researchers, and professionals alike. But security is a growing critical concern for Python code. AI-generated code — is not secure by default and human programmers are no security experts. 

    A fantastic built in function that can be used in Python is `exec`.

    (more…)

  • DySec: Is a Python package Actually a Hacker Trap?

    Python is the most widely used programming language worldwide. Consequently, many programs, even those built on top of FOSS Python modules, are freely available on The Python Package Index (PyPI.org).

    Python security is gaining attention due to its rising usage. Python can be considered a secure language, yet Python applications are also susceptible to common security flaws. Researchers, especially security researchers, often exaggerate security risks.

    AI generated summaries of scientific papers are often of very limited use.

    (more…)

  • Python Security: What is SAST

    The rapid growth and increasing complexity of Python based web applications and systems have made robust security testing more important than ever.

    Cybercriminals are constantly evolving their tactics, looking for vulnerabilities they can exploit to steal data or disrupt operations.

    Static Application Security Testing (SAST) is a security methodology that analyzes an application’s source code and related artifacts (such as design documents) without executing the code.

    For Python applications, specific Python SAST tools, like Python Code Audit, perform an in-depth, automated review of the source code to detect security weaknesses and potential vulnerabilities early in the development lifecycle.

    (more…)

  • The End of Bandit: Meet Python Code Audit

    The rapid growth and increasing complexity of Python based web applications and systems have made robust security testing more important than ever.

    Cyber criminals are constantly evolving their tactics, looking for vulnerabilities they can exploit to steal data or disrupt operations. Traditional security testing for Python applications is still complex, time-consuming, and expensive. 

    (more…)

  • Code does not lie

    Good measurements for cyber security do not have to be technical. From a defence in depth principle it is recommended to have a mix of various technical and non technical measurements. A healthy distrust in security means never trust software and hardware and take as many measurements to mitigate cyber risks to acceptable levels. 

    (more…)

  • Stop using assert in your Python code

    Too many Python programs use assert statements to check for conditions, even in widely used modules like Pydantic.


    Using assert can be problematic from a security perspective. The Python assert statement itself isn’t insecure, but its misuse can lead to vulnerabilities.

    (more…)

  • Is Pydantic as safe as it Is popular?

    If you want to keep complexity low and minimize security risks, you always need to decide whether using an external Python library is the right choice.

    Practising 0Complexity design principles is never easy. But when it comes to security and minimising dependencies, you should weigh the advantages and disadvantages of using any external Python library.

    Don’t get me wrong: many FOSS Python libraries are excellent, well-maintained software and you’d be foolish not to use them when appropriate.

    So before using a new module in an MVP, running a quick and simple Static Application Security Test (SAST) on the external Python module will provide valuable information from a security point of view.

    (more…)

  • Simplify IT

    Nobody ever asks for a complex IT solution. We all love simple IT solutions.

    (more…)

  • Feature rich or feature poor solutions

    Research learns that businesses frequently choose products with too many features that they later find difficult to use or will not be used at all. Feature rich software products are often fuel for business complexity. 

    (more…)