Uriya Elkayam Presenting at OWASP AppSec Lisbon 2024

Low-Code/No-Code application platforms give attackers an unfair advantage. Time-tested application layer tricks are experiencing a revival when used against applications built on these platforms.
<< Back to Resources
OWASP Lisbon 2024 Session

We are excited to inform you that Uriya Elkayam, Senior Security Researcher at Nokod, has been selected to speak at OWASP 2024 Global AppSec Lisbon.

In his session, Back to the Future: Old Tricks Invading a New Attack Surface, Uriya will explore the security risks of leading Low-Code/No-Code (LCNC) application development platforms.

While LCNC platforms offer convenience, attackers exploit time-tested application layer tricks against them. Let’s have a look at the vulnerabilities.

Robotic Process Automation (RPA):

  • Misconception: RPAs built using LCNC technologies are immune to classic application layer attacks.
  • Reality: LCNC applications are vulnerable to SQL injections, authorization mishaps, and OS command injections.

Supply Chain Attacks:

  • LCAPs integrate code reuse and sharing mechanisms via marketplaces (e.g., Forge, AppSource, UiPath Marketplace).
  • A double-edged sword: Empowering app developers and a potential gateway for attackers.

Join our session to discuss LCNC app security and robotic process automation. Let’s fortify our defenses against these looming threats!

Uriya Elkayam

Uriya Elkayam

Uriya Elkayam is a senior security researcher at Nokod Security.

His research focuses on application security aspects of low-code/ o-code platforms such as MS Power Platform, UiPath, and OutSystems.

He is passionate about finding vulnerabilities and developing new mitigation techniques.

In his previous role as Head of Research at AirEye, he became an expert in network security, wireless communication, and low-level side-channel attacks.

Uriya holds a B.Sc. and M.Sc. in Communication System Engineering from Ben Gurion University.

Scroll to Top