www-project-top-10-low-code-no-code-security-risks
Add descriptions for business users
Context
The language of OWASP documents speaks to security, operations, IT and engineering professionals. The introduction of low-code/no-code has lowered the bar to become a digital builder. This is the root of why this technology is so important. However, it also means that we cannot assume the same level of technical or security acumen from all low-code/no-code developers.
To enable usage of the OWASP Low-Code/No-Code Top 10 by everyone, no matter their technical background, we would need to drop our assumptions and describe risks in a common language that everyone can understand. This should not replace the technical or security-oriented language that is the gold standard of an OWASP project, but come as a parallel view on the same issues.
Proposal Description
The current template for a risk category is as follows:
- Risk Rating
- The Gist
- Description
- Example Attack Scenarios
  - Scenario 1
  - Scenario 2
  - ...
- How to Prevent
- References
We propose the following additions:
- A new section between Risk Rating and The Gist describing the category in simple terms
- A new subsection for each Scenario describing it in simple terms