Gain Visibility into Security Risks and Issues on Power Platform
Don’t ignore risks and vulnerabilities introduced by citizen development. Use our free security tools to understand this rapidly growing attack surface and your company’s exposure better.
Risk Assessment Tool for Power Platform
With citizen developers’ widespread adoption of Microsoft Power Platform, security teams are challenged to evaluate the risks and vulnerabilities created by business users.
To assess your risk exposure, Nokod developed a lightweight, open-source assessment tool that you can easily run locally/on-premise. Its purpose is to provide a quick and informative view of your Power Platform environments—development and production—and help you understand the size of your attack surface and prominent security issues.
Receive an easily shareable report with stats on your environments, components, connectors, and insights into vulnerabilities.
The assessment tool is available on GitHub.
If you need help with this tool, please contact us at [email protected].
Power BI Analyzer
This project contains two tools for detecting unused data sources in your Power BI (Microsoft Fabric) reports. These tools analyze the reports’ data models and identify columns not used in visualizations. Unwanted access to this data can pose a security risk, and it is essential to identify and remove unused columns to reduce the risk of data breaches.
On June 19, 2024, Nokod Security published a warning about the easy exploitation of a data leakage vulnerability in the Microsoft Power BI service. This vulnerability potentially affects tens of thousands of organizations and allows anonymous Internet viewers to access sensitive data, including employee and business data, PHI, and PII. For details about the exploit, visit our blog.
Power BI Analyzer offers two simple, open-source tools for organizations to assess their exposure to this vulnerability. It is available on GitHub.
TOOL 1 - INTERNAL, OVER-SHARED REPORTS
This tool includes a Python module that interacts with the Power BI API. It sends requests to get the list of all reports shared with the entire organization and analyzes them to detect unused data sources.
TOOL 2 - REPORTS PUBLISHED TO THE WEB
This tool includes a Python module that creates a CSV file with a list of all the URLs of reports published to the web in your company and analyzes them to detect unused data sources.
If you need help with this tool, please contact us at [email protected].
Talk with our Power Platform Security Experts.
Need Help? Discuss your findings and concerns with us!
We hope you find our free evaluation tools helpful. Feel free to contact us and get further evaluations, benchmarks, and remediation tips.
We are also happy to show you how Nokod Security can benefit you, your team, and your organization. Experience how to effectively secure your apps, automations, and reports.
Nokod's Security Solution allows you to:
Discover all your organization’s applications, automations, and reports on Power Platform.
Empower citizen developers and security teams to deal with threats right away.
Place them under your policies to reveal governance and compliance issues.