Welcome to Nokod Security

Gartner estimates that by 2024, 65% of all applications will be built using low-code / no-code technology. Where does security fit into that?

<< Back to Blog

New Idea

The Low-Code / No-Code Trend

Low-code / no-code applications are all the latest rage – just as they should. They solve a pressing need for enterprises, where each time a team wanted to create an application, it had to go through the IT or development team. HR wants to create an application for the company event with their 5000 employees? IT. Though when the IT team is focused on building applications for the business development team or supporting Sales with the deal that will “kill the quarter”, it’s easy to see how that event application moved to the back burner.

With low-code / no-code platforms the HR team can now independently build that application. Instead of waiting for scarce development resources, the platforms provide the easy drag and drop tool that allows anyone at the company, with minimal training, to create their own application. HR wants to create that event landing page? They can now easily and quickly do it themselves, including adding a field where each employee verifies their T-shirt size.

Security Issues within Low-Code / No-Code

Low-code / no code applications are now being released by the second everywhere, but… where’s the low-code / no-code in the application security program? How do you know that the app that HR created is secure or is not leaking data? For instance, even if HR does just present the shirt size, in the backend the full employee table is accessible, which might also include employee salaries. Taking it a step further, while the T-shirt size might just seem a verification field, it’s still possible to manipulate fields in the backend, including an employee salary.

Low-Code / No-Code and the Application Security Stack

20 years ago security was never looked at in the application development and deployment process. That is, until suddenly databases were hit by SQL injection attacks and funds were lost due to business logic exploits.

It took a while for enterprises to understand that application security needs its own stack of security solutions, and it took even longer to figure out that these should cover the entire process from inception to deployment. Today application security is an integral part of every security strategy. From source code analysis during the engineering and DevOps development stages to runtime protection in the form of a Web Application Firewall (WAF).

Low-code / no-code platforms have added new actors, new processes and new tools to the application development theater. These create an entirely new and growing attack surface which, incredibly, is not covered by the current application security solution stack. Citizen developers and business developers are left on their own and security teams have limited visibility or control over these applications.

Enterprises shouldn’t wait again numerous years until solutions and processes are put in place. Rather, it’s time to recognize that application security controls and processes must be extended to include low-code / no-code application development.

Enter - Nokod Security

This is where Nokod Security comes in. We’re set on a mission to extend application security to low-code / no-code.

Interested in hearing more? Reach out to us!

Stay in the know

Sign up for our newsletter filled with industry and security trends, events details and company news. 

More News from Nokod

Power Hacking with Microsoft Power Platform

Webinar on demand: Watch an exploration of supply chain attacks in low-code/no-code development environments and in the marketplaces of low-code application platforms. Get practical mitigation guidelines for the attacks and mistakes detailed.

Meet Nokod at “UiPath on Tour” in London

UiPath on Tour London is the year’s largest regional gathering of businesspeople, automation professionals, and AI experts. With executive thought leadership. Open access to hands-on experts. Community connection.

Meet us at OWASP Global Lisbon

OWASP Global in Lisbon is the AppSec highlight in Europe! Enjoy insightful presentations by globally recognized keynote speakers, choose from diverse tracks such as builder, breaker, defender, and manager-culture.

Scroll to Top