Resources
Your friendly go-to resource for all security issues related to low-code and no-code.
Explore the Security Aspects of Citizen Development
Power Hacking with Microsoft Power Platform
Make sure that your Power Platform low-code and no-code development doesn’t translate to low security. Watch this webinar and join security expert Amichai Shulman for a deep dive into real-world attacks, exposing dangerous misconceptions and busting the myth that Power Platform apps aren’t creating an external attack surface.
The Writing on the Wall: Security Risks in Low-Code/No-Code App Development
Webinar on demand: Watch an exploration of supply chain attacks in low-code/no-code development environments and in the marketplaces of low-code application platforms. Get practical mitigation guidelines for the attacks and mistakes detailed.
Low-Code/No-Code and RPA: Rewards and Risks
Download our practical guide to understand the fundamental characteristics and challenges, and learn how to build streamlined security into low-code/no-code applications and robotic process automations development.
Free Power Platform Security Assessment Tools
Gain Visibility into Security Risks and Issues on Power Platform
Worried about the risks and vulnerabilities introduced by citizen development on Power Platform?
Use Nokod’s free security tools to better understand this rapidly growing attack surface and your company’s exposure.
Download our Solution Brief
Latest Articles by Nokod
September 03, 2024 – Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. A prime candidate for inclusion under the CTEM umbrella is software created in low-code/ no-code (LCNC) and robotic process automation (RPA) environments.
August 7, 2024 – In his article “4 Common LCNC Security Vulnerabilities and How To Mitigate Them” on ITPro Today, Amichai Shulman illustrates the impact of low-code/no-code (LCNC) platforms, robotic process automation (RPA), and citizen development on the enterprise attack surface.
While accelerating innovation, low-code/no-code platforms introduce significant security risks, such as client-side data access issues, injection attacks, unintended public exposure, and data leakage.
June 28, 2024 – Nokod’s CTO, Amichai Shulman highlights the top security risks associated with RPA (Robotic Process Automation) and shares best practices for mitigating those risks in his latest article on SC Media.
This is a must-read if you use and need to secure automations created on platforms like UiPath, MS Power Automate, Automation Anywhere, Pega, or others.
June 26, 2024 – Yair Finzi, CEO of Nokod Security, shares his security perspective on citizen development and the use of low-code no-code development platforms.
It is striking – and worrying – how the current AppSec stack and practices fail to monitor and secure the apps and automations created by citizen developers. Yair discusses some of the root causes in his article.
June 24, 2024 – In this Forbes article, Yair Finzi, CEO of Nokod, discusses the risks of supply chain attacks in low-code/no-code development platforms (LCAP). Virtually all platforms include a marketplace for third-party components used in apps and automation created by citizen developers. Simple mistakes can lead to vulnerabilities and risks.
June 17, 2024 By Amichai Shulman, CTO at Nokod.
Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Unfortunately, a new wave of SQLi attacks is emerging—and it’s taking a different trajectory than in the past.
June 6, 2024- In the rush to digital transformation, many organizations are unaware they are exposed to security risks associated with citizen developer applications.
The Latest from our Blog
In Plain Sight: How Microsoft Power BI Reports Expose Sensitive Data on the Web
The Nokod Research Team discovered a data leakage vulnerability in the Microsoft Power BI service which potentially affects tens of thousands of organizations and which allows anonymous viewers on the Internet to access sensitive data, including employee and business data, PHI, and PII.
The Unbearable Stubbornness of SQL Injection Vulnerabilities
CISA and FBI issued a stern warning to eradicate SQL injection vulnerabilities for good. How, with code scanners in place and ongoing security training for developers, does this problem persist? Read our take predicting that the numbers of SQLi attacks will likely rise.
Webinar Recap: Navigating the Risks of Citizen Development
Recap of the key points from our webinar to help you understand the evolving risks and opportunities in citizen application and automation development. Dissecting supply chain attacks, we demonstrated low-code/no-code development as the new frontier for security professionals.
Recent Press Releases
Nokod Security Adds Financial Services Cybersecurity Expert Yuval Illuz to Advisory Board
Nokod Security today announced that Yuval Illuz, a seasoned financial services executive, has joined its Advisory Board.
Nokod Security Expands LCNC Multi-Platform Support to ServiceNow and Joins ServiceNow Partner Program
Nokod Security, the security company for low-code/no-code (LCNC) application development, today announced it has expanded its industry-leading multi-platform capabilities with support for ServiceNow LCNC custom application tools.
Nokod Security Launches Platform to Secure Low-Code/No-Code Development Environments and Applications
Nokod Security, the security company for low-code/no-code (LCNC) application development, today announced the general availability of the Nokod Security Platform, which gives citizen developers clear step-by-step guidance for fixing security issues.
Ready to Take the Next Step? Get a Demo.
Experience the new way to effectively secure your low-code/no-code apps. Contact us to schedule a demo with one of our product experts.
We are eager to learn about your requirements and show you how Nokod Security can benefit you, your team, and your organization.
Discover all your organization’s low-code/no-code applications and automations.
Place them under your policies to reveal governance and compliance issues.
Empower citizen developers and security teams to deal with threats right away.