OWASP Top 10 Low-Code/No-Code Security Risks

OWASP Top 10 for Low-Code/No-Code Apps

stars slack email group


Low-code/No-Code development platforms provide a development environment used to create application software through a graphical user interface instead of traditional hand-coded computer programming. Such platforms reduce the amount of traditional hand-coding, enabling accelerated delivery of business applications.

As Low-Code/No-Code platforms proliferate and become widely used by organizations, there is a clear and immediate need to create awareness around security and privacy risks related to applications developed on such platforms.

The primary goal of the “OWASP Top 10 Low-Code/No-Code Security Risks” document is to provide assistance and education for organizations looking to adopt and develop Low-Code/No-Code applications. The guide provides information about what are the most prominent security risks for such applications, the challenges involved, and how to overcome them. .

The List

  1. LCNC-SEC-01: Account Impersonation
  2. LCNC-SEC-02: Authorization Misuse
  3. LCNC-SEC-03: Data Leakage and Unexpected Consequences
  4. LCNC-SEC-04: Authentication and Secure Communication Failures
  5. LCNC-SEC-05: Security Misconfiguration
  6. LCNC-SEC-06: Injection Handling Failures
  7. LCNC-SEC-07: Vulnerable and Untrusted Components
  8. LCNC-SEC-08: Data and Secret Handling Failures
  9. LCNC-SEC-09: Asset Management Failures
  10. LCNC-SEC-10: Security Logging and Monitoring Failures

Project Sponsors

The OWASP Top 10 Low-Code/No-Code Security Risks project is supported by Zenity

How to contribute

Involvement in the development and promotion of OWASP Top 10 Low-Code/No-Code Security Risks is actively encouraged! You do not have to be a security expert in order to contribute.

Here are some ways you can help:

  • We are looking for organizations and individuals that will provide vulnerability prevalence data
  • Translate the top 10 to non-English languages
  • Review, critic and suggest improvements to the Top 10 list

How to reach out:

Individuals and organizations that provide a significant contribution to the project will be listed on the acknowledgments page.


Individuals that provided a significant contribution to the project:

Name Affiliation Contact
Michael Bargury Zenity Twitter LinkedIn
Ory Segal Palo Alto Networks Twitter LinkedIn
Don Willits Microsoft LinkedIn


The OWASP Top 10 Low-Code/No-Code Security Risks project is supported by Zenity