The world of software development has witnessed a significant transformation thanks to low-code/no-code development platforms like Microsoft Power Platform, Salesforce, and ServiceNow. These platforms have empowered developers and business users of all technical backgrounds to create applications, automations, bots, connections (and more), rapidly and with greater accessibility.
When working with security teams and application security analysts, the new world of low-code/no-code development presents new questions that invariably begin with ‘where do we start?’ With so many new applications, automations, and more that are introduced to the corporate environment, it can seem like an endless pit of concerns about data flows, user permissions and potential security risks introducing my organization that need to be analyzed and brought under management.
In today’s rapidly evolving digital landscape, organizations not only seek out, but need to harness the power of emerging technologies to stay ahead of the competition. Two of the most promising trends in the tech world are generative AI and low-code/no-code development. Generative AI, in particular, has generated the majority of the headlines, with seemingly infinite use cases to spur productivity for end users and business.
The landscape of application development is constantly evolving, driven by technological advancements and changing user demands. Over the past few years, we have witnessed the rise of generative AI, the “shift left” approach, and the increasing prominence of low-code/no-code development.
The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?
Why Are Low-Code Platforms Becoming the New Holy Grail of Cyberattackers? Low-code/no-code platforms for enterprise are booming. With more and more critical business assets now stored and handled by these platforms, it is essential to understand that low-code often leads to a large attack surface. This article will explore low-code/no-code from an attacker’s perspective to better understand their potential weaknesses and showcase why they are becoming the new holy grail for cybercriminals.
For organizations to be more productive and agile in their development processes, understanding the core differences between low-code and no-code applications and platforms is vital. In this article, we take a closer look at low-code vs no-code, explore the benefits of each, and explain how design flaws and security vulnerabilities in these environments are addressed.
Last week Dark Reading released an enterprise application security survey which raised serious concerns by IT and security teams about the state of low-code/no-code applications. The survey exposed a deep lack of visibility, control and knowledge necessary to maintain the level of security maturity expected in the enterprise. In this blog post, we will look at concrete concerns raised by the survey, examine their root cause and offer recommendations on ways to address them today.
Many low-code applications are built for the purpose of moving data from one place to another usually as a result of some external trigger, such as the arrival of a new email message. In the case of an email-triggering low-code application, if low-code security best practices are not strictly followed, attackers may abuse the application to set rogue automated email forwarding rules, which can be used to steal data, impersonate as corporate users and mount phishing campaigns.
