www-project-top-10-low-code-no-code-security-risks

Add product-specific examples

Open mbrg opened this issue 1 year ago • 0 comments

Context

Low-Code/No-Code can mean many different things. Tools can differ in technology, users, developers, use cases and more. For example, Low-Code Application Platforms (LCAP) are used to build web and mobile applications while Robotic Process Automation (RPA) is used to build bots. These technologies are ever-changing and are in the process of merging with each other, so it's still important to cover them in a single project. However, we should also emphasize where they differ, allowing people to focus on the risks relevant to a particular technology.

Proposal Description

The current template for a risk category is as follows:

  • Risk Rating
  • The Gist
  • Description
  • Example Attack Scenarios
    • Scenario 1
    • Scenario 2
    • ...
  • How to Prevent
  • References

We propose the following additions:

  • A new subsection under Risk Rating, where we provide different ratings for each Low-Code development technology
  • Label each Scenario with the relevant technologies. A scenario can apply to multiple technologies.

Low-Code development technologies to distinguish:

  • Low-Code Application Platforms (LCAP)
  • Robotic Process Automation (RPA)
  • Integration Platform as a Service (iPaaS)

mbrg Mar 05 '23 12:03