Security Risks for Low-Code/No-Code Applications and Automations
The era of low-code/no-code software has been a boon for many organizations — many business users have been empowered to create applications and automations that address pressing needs that often cannot be fulfilled by the IT department alone.
While this helps to drive business efficiency and agility, a dark side is starting to emerge. The proliferation of citizen-developed apps and bots is raising concerns around governance, compliance and security.
There are a few reasons for this:
Citizen developers, while well-intentioned, may inadvertently introduce logic flaws and security vulnerabilities that can compromise entire systems.
The rise of shadow IT reduces the visibility that IT and security teams have of the threat vectors lurking within the organization.

To mitigate these risks, it is vital for all businesses to be familiar with the list of top 10 security risks for low-code/no-code applications, namely:
Account Impersonation
Authorization Misuse
Data Leakage and Unexpected Consequences
Authentication and Secure Communication Failures
Security Misconfiguration
Injection Handling Failures
Vulnerable and Untrusted Components
Data and Secret Handling Failures
Asset Management Failures
Security Logging and Monitoring Failures
For example, many of the low-code/no-code platforms provide a library or app store where developers can download and use pre-built components created by third parties.
Do you have an established process to vet or restrict access to such components?
To learn more, please visit https://owasp.org/www-project-top-10-low-code-no-code-security-risks/.
Alternatively, get in touch with us now for a discussion on how to enhance the compliance and governance of your citizen development program.