Thought Leadership Articles

The Nokod leadership is here to share expertise, insight, tips, and real-world experience with you.

OData Injection Risk in Low-Code/No-Code Environments

By Amichai Shulman, CTO at Nokod.

OData injection poses a serious, often underestimated risk in low-code/no-code (LCNC) ecosystems, especially within Microsoft Power Platform. This attack technique can potentially compromise sensitive corporate information by exploiting vulnerabilities that security professionals frequently overlook.

Helpnet Security

Preventing data leakage in low-code/no-code environments

By Amichai Shulman, CTO at Nokod.

One of the most pressing concerns in LCNC environments is the inadvertent exposure of sensitive assets, leading to potential data leakage. The article highlights real-world examples and explores how misconfigurations, insecure data flows, and insufficient governance can leave organizations vulnerable to breaches.

CIO Influence

How to Secure LCNC’s External Attack Surface

By Amichai Shulman, CTO at Nokod.

Business applications and RPAs developed by citizen and automation developers are increasingly creating an external attack surface that poses significant security risks. Often perceived as “internal tools,” these low-code/no-code applications and automations can inadvertently expose critical enterprise data to external threats if not properly secured.

Forbes Technology Council

The Cybersecurity Impact Of GenAI On Low-Code/No-Code Development

In this article on Forbes, Yair Finzi discusses how the integration of GenAI and low-code/no-code development platforms is transforming organizations' approaches to secure application development.

Helpnet Security

Managing low-code/no-code security risks

By Yair Finzi, CEO at Nokod. Continuous threat exposure management (CTEM), a concept introduced by Gartner, monitors cybersecurity threats continuously rather than intermittently. A prime candidate for inclusion under the CTEM umbrella is software created in low-code/no-code (LCNC) and robotic process automation (RPA) environments.

ITPro Today

4 Common LCNC Security Vulnerabilities and How To Mitigate Them

In his article “4 Common LCNC Security Vulnerabilities and How To Mitigate Them” on ITPro Today, Amichai Shulman illustrates the impact of low-code/no-code (LCNC) platforms, robotic process automation (RPA), and citizen development on the enterprise attack surface. While accelerating innovation, low-code/no-code platforms introduce significant security risks, such as client-side data access issues, injection attacks, unintended public exposure, and data leakage.

SC Media

Four ways to mitigate robotic process automation security risks

Nokod's CTO, Amichai Shulman, highlights the top security risks associated with RPA (Robotic Process Automation) and shares best practices for mitigating those risks in his latest article on SC Media. This is a must-read if you use and need to secure automations created on platforms like UiPath, MS Power Automate, Automation Anywhere, Pega, or others.

RSA Conference

Why Low-Code/No-Code Apps are the Achilles Heel of Security

Yair Finzi, CEO of Nokod Security, shares his security perspective on citizen development and the use of low-code/no-code development platforms. It is striking, and worrying, how the current AppSec stack and practices fail to monitor and secure the apps and automations created by citizen developers. Yair discusses some of the root causes in his article.

Forbes Technology Council

Reining In Supply Chain Risks In Low-Code And No-Code Apps

In this Forbes article, Yair Finzi, CEO of Nokod, discusses the risks of supply chain attacks in low-code/no-code development platforms (LCAP). Virtually all platforms include a marketplace for third-party components used in apps and automation created by citizen developers. Simple mistakes can lead to vulnerabilities and risks.

Helpnet Security

Low code, high stakes: Addressing SQL injection

By Amichai Shulman, CTO at Nokod.

Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Unfortunately, a new wave of SQLi attacks is emerging, and it’s taking a different trajectory than in the past.

Understanding Security's New Blind Spot: Shadow Engineering

By Yair Finzi, CEO at Nokod.

In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it.

Unmasking the Dark Side of Low-Code/No-Code Applications

Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly?