T-DOSE 2026

False Sense of Security in Static Analysis: Building a Reliable Python SAST Scanner
06-06, 11:00–11:50 (Europe/Brussels), Katoenkamer

Python code plays a central role in modern computing, yet Python applications are not immune to cybersecurity threats. Consequently, security has become a critical concern for Python users and developers.

Static Application Security Testing (SAST) is a straightforward and proven way to identify vulnerabilities or assess the security posture of Python code before deployment. As a long-term advocate for Free and Open Source Software, I believe in the benefits of using high-quality FOSS tools for cybersecurity. Security is never black or white: context matters. However, using tools that can give a false sense of security is a deadly sin in cybersecurity.
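To make the "false sense of security" point concrete, here is a small added example (written for this page, not the speaker's scanner or any existing tool) of what a Python SAST check looks like and how a naive one silently misses things. Both scanners walk the `ast` of a source file looking for calls to `eval`/`exec`. The naive version only matches a literal call by name; the alias-aware version also follows simple rebindings such as `run = builtins.eval`. The two sample snippets are constructed inputs; the function names and the limited alias tracking are choices made for this illustration.

```python
import ast

# Builtins that evaluate arbitrary code: a classic SAST target.
DANGEROUS = {"eval", "exec"}

# Constructed sample inputs (not taken from any real project).
DIRECT_SAMPLE = "user_input = input()\nresult = eval(user_input)\n"
ALIASED_SAMPLE = "import builtins\nrun = builtins.eval\nresult = run(input())\n"


def _dangerous_name(node, aliases):
    """Return the dangerous builtin that a call target refers to, or None."""
    if isinstance(node, ast.Name):
        if node.id in DANGEROUS:
            return node.id
        return aliases.get(node.id)  # a local name previously bound to eval/exec
    if isinstance(node, ast.Attribute) and node.attr in DANGEROUS:
        # builtins.eval(...) / builtins.exec(...)
        if isinstance(node.value, ast.Name) and node.value.id == "builtins":
            return node.attr
    return None


def naive_scan(source):
    """Flag only literal eval(...) / exec(...) calls by name."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DANGEROUS):
            findings.append((node.lineno, node.func.id))
    return sorted(findings)


def alias_aware_scan(source):
    """Flag calls to eval/exec made directly, via `builtins`, or via a simple alias."""
    tree = ast.parse(source)
    aliases = {}
    # Pass 1: record single-target rebindings such as `run = eval` or `run = builtins.eval`.
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            target = _dangerous_name(node.value, aliases)
            if target:
                aliases[node.targets[0].id] = target
    # Pass 2: flag calls through the builtin itself or any recorded alias.
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            target = _dangerous_name(node.func, aliases)
            if target:
                findings.append((node.lineno, target))
    return sorted(findings)


if __name__ == "__main__":
    for label, sample in (("direct", DIRECT_SAMPLE), ("aliased", ALIASED_SAMPLE)):
        print(label, "naive:", naive_scan(sample), "alias-aware:", alias_aware_scan(sample))
```

Running it shows the gap: on the aliased sample the naive scanner reports nothing, which a user would read as "clean", while the alias-aware scanner still reports the `eval` call on line 3. Even the improved version is deliberately narrow (it does not follow `from builtins import eval as e`, attribute lookups via `getattr`, or values passed through function arguments), which is the point: a scanner's coverage has to be understood and documented, not assumed from a green result.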

In 2025, after extensive research, I decided to create a better FOSS Python SAST scanner: a more reliable, trustworthy and user-friendly security tool.

In this talk, I will share my personal journey of creating this tool. You will learn about specific Python threats and how weaknesses in code can be detected and exploited. I will also discuss my architecture and design principles, including why you shouldn't blindly trust AI for security and why a "local-first" approach is always preferable from a FOSS perspective.

More than 30 years of work experience in the IT industry, developing innovative systems and preventing cyber threats. I have worked as an independent architect in large and small companies and institutions, in both the private and governmental sectors.

Always working on architecture & design to solve complex problems in complicated environments. I am TOGAF and CISSP certified and I hold both a Master's degree (MSc) in Business Studies from the University of Groningen and a Master's degree (MSc) in Electrical Engineering from Delft University of Technology.

Running FreeBSD since version 4 to keep things simple, solid and secure. I still love to do hands-on programming (C/C++, Java, Python, PHP, JS, Golang, etc.) to learn, make and break things.