www-project-top-10-low-code-no-code-security-risks
Add product-specific examples
Context
Low-Code/No-Code can mean many different things. Tools can differ in technology, users, developers, use cases and more. For example, Low-Code Application Platforms (LCAP) are used to build web and mobile applications while Robotic Process Automation (RPA) is used to build bots. These technologies are ever-changing and are in the process of merging with each other, so it's still important to cover them in a single project. However, we should also emphasize where they differ, allowing people to focus on the risks relevant to a particular technology.
Proposal Description
The current template for a risk category is as follows:
- Risk Rating
- The Gist
- Description
- Example Attack Scenarios
  - Scenario 1
  - Scenario 2
  - ...
- How to Prevent
- References
We propose the following additions:
- A new subsection under Risk Rating, where we provide different ratings for each Low-Code development technology
- Label each Scenario with the relevant technologies. A scenario can apply to multiple technologies.
Low-Code development technologies to distinguish:
- Low-Code Application Platforms (LCAP)
- Robotic Process Automation (RPA)
- Integration Platform as a Service (iPaaS)