We are excited to inform you that Uriya Elkayam, Senior Security Researcher at Nokod, has been selected to speak at OWASP 2024 Global AppSec Lisbon.
In his session, Back to the Future: Old Tricks Invading a New Attack Surface, Uriya will explore the security risks of leading Low-Code/No-Code (LCNC) application development platforms.
While LCNC platforms offer convenience, attackers exploit time-tested application layer tricks against them. Let’s have a look at the vulnerabilities.
Robotic Process Automation (RPA):
- Misconception: RPAs built using LCNC technologies are immune to classic application layer attacks.
- Reality: LCNC applications are vulnerable to SQL injections, authorization mishaps, and OS command injections.
Supply Chain Attacks:
- LCAPs integrate code reuse and sharing mechanisms via marketplaces (e.g., Forge, AppSource, UiPath Marketplace).
- A double-edged sword: Empowering app developers and a potential gateway for attackers.
Join our session to discuss LCNC app security and robotic process automation. Let’s fortify our defenses against these looming threats!
Uriya Elkayam
Uriya Elkayam is a senior security researcher at Nokod Security.
His research focuses on application security aspects of low-code/ o-code platforms such as MS Power Platform, UiPath, and OutSystems.
He is passionate about finding vulnerabilities and developing new mitigation techniques.
In his previous role as Head of Research at AirEye, he became an expert in network security, wireless communication, and low-level side-channel attacks.
Uriya holds a B.Sc. and M.Sc. in Communication System Engineering from Ben Gurion University.