Tel-Aviv, Israel
Nov 30, 2022   |  By Ben Kliger
Security of our platform and customer data has always been a core focus at Zenity and a north star that we continue to follow, and today we’re excited to announce that we are now SOC 2 Type II certified. This certification demonstrates Zenity’s commitment to ensuring the security of our systems and the data of our customers and partners.
Nov 20, 2022   |  By Lior Koch Hedvat
International Data Corporation (IDC) published its annual Innovators report last Friday, November 18th and named Zenity as one of the top five innovative vendors offering a unique PaaS (Platform as a Service) solution that developers are using to accelerate their application development and deployment processes.
Sep 29, 2022   |  By Lior Koch Hedvat
To understand this headline better we need to have a better understanding of the traditional ways we think about Software-as-a-Service (SaaS) platforms and public cloud platforms. The difference lies in the starting point of these two solutions, while SaaS started as an extension of the corporate network, the public cloud started as an extension of the data center.
Sep 19, 2022   |  By Michael Bargury
In the middle of March 2022, Zenity research team discovered a sandbox-escape vulnerability in Code by Zapier, a service used by Zapier to execute custom code as part of a Zap. Exploiting this vulnerability, any user could take full control over the execution environment of their entire account allowing them to manipulate results and steal sensitive data. For example, a Zapier user could take control over the admin’s custom code execution environment.
Aug 29, 2022   |  By Lior Koch Hedvat
Software-as-a-Service (SaaS) applications are built on the premise of streamlining business practices to improve productivity. Microsoft 365, Salesforce, and similar SaaS platforms commonly integrate automation tools that allow business users to develop the tools that they need to do their jobs. The latest iteration of this is the integration of low-code/no-code platforms into these SaaS solutions.
Jul 18, 2022   |  By Lior Koch Hedvat
When it comes to cybersecurity, businesses typically want to assume that every user is a special snowflake. The premise that each user has a unique identity, and that cybersecurity teams can manage access permissions and identify anomalous activity based on that identity, is a cornerstone of modern security operations.
Jul 5, 2022   |  By Uriel Zilberberg
Zenity research team has recently discovered a potential customer data leakage in Storage by Zapier, a service used for simple environment and state storage for Zap workflows. With only a few simple steps and no authentication, we were able to access sensitive customer data. Given the nature of this flaw, it would be easy for bad actors to recreate our approach and access the same sensitive data without significant expertise.
Jun 20, 2022   |  By Lior Koch Hedvat
You might think that the majority of cybersecurity breaches result from carefully planned and executed attacks. You may imagine hackers expertly crafting phishing emails to con employees into giving away access to critical systems, for example, or planting state-of-the-art malware on victims' servers. The reality – as Zenity co-founder and CTO Michael Bargury explains in his most recent Dark Reading column – is less interesting, and perhaps more worrying.
May 31, 2022   |  By Michael Bargury
Last week Dark Reading released an enterprise application security survey which raised serious concerns by IT and security teams Last week, Microsoft announced a new low-code application service called Power Pages, the fifth service joining the Power Platform. Whether you’re a low-code maker or professional developer, this low-code, scalable, and secure solution empowers you to build business-centric websites quickly and easily.
May 16, 2022   |  By Lior Koch Hedvat
Dark Reading is a great site to follow if you want to keep up with the latest IT security news and trends. You’ll find plenty of articles on topics like ransomware, supply chain security and insider threats. But one type of security challenge that wasn’t previously covered in a lot of detail on Dark Reading – or on most IT media sites, for that matter – was the risk associated with “citizen development,” an increasingly popular practice within enterprises.
Jan 19, 2022   |  By Zenity
Zenity's low-code security research team is exposed to real world low-code applications on a daily basis, and we're glad to share our knowledge in this domain in order to help you to design and develop secure low-code applications.

Continuously protecting all low-code/no-code applications and components! Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.

Low-code/no-code development and automation platforms are the wave of the future. The largest companies in the world are already adopting low-code/no-code development for their core business units. But with all their benefits, low-code/no-code development brings with it a host of governance challenges and risks that are unaddressed by existing InfoSec and AppSec solutions.

Zenity, the first and only governance and security platform for low-code/no-code applications, creates a win-win environment where IT and information security can give business and pro developers the freedom and independence they want in order to continue pushing their business forward while retaining full visibility and control.

Our Platform:

  • Discover: Identify shadow-IT business applications across your low-code/no-code fleet and track sensitive and business data movement.
  • Mitigate: Identify insecure, vulnerable and risky configurations. Drive mitigation and remediation immediately.
  • Govern: Design policies and implement automatic enforcement. Eliminate risks without disrupting business.
  • Protect: Detect suspicious and malicious activity, such as supply-chain attacks, malware obfuscation and data leakage.

Governance and Security for Low-Code/No-Code Applications.