OWASP Low-Code/No-Code Top 10
Low-Code/No-Code development platforms provide a development environment used to create application software through a graphical user interface instead of traditional hand-coded computer programming. Such platforms reduce the amount of traditional hand-coding, enabling accelerated delivery of business applications.
As Low-Code/No-Code platforms proliferate and become widely used by organizations, there is a clear and immediate need to create awareness around security and privacy risks related to applications developed on such platforms.
The primary goal of the “OWASP Low-Code/No-Code Top 10” document is to provide assistance and education for organizations looking to adopt and develop Low-Code/No-Code applications. The guide provides information about what the most prominent security risks are for such applications, the challenges involved, and how to overcome them.
- LCNC-SEC-01: Account Impersonation
- LCNC-SEC-02: Authorization Misuse
- LCNC-SEC-03: Data Leakage and Unexpected Consequences
- LCNC-SEC-04: Authentication and Secure Communication Failures
- LCNC-SEC-05: Security Misconfiguration
- LCNC-SEC-06: Injection Handling Failures
- LCNC-SEC-07: Vulnerable and Untrusted Components
- LCNC-SEC-08: Data and Secret Handling Failures
- LCNC-SEC-09: Asset Management Failures
- LCNC-SEC-10: Security Logging and Monitoring Failures
How to contribute
Involvement in the development and promotion of OWASP Top 10 Low-Code/No-Code Security Risks is actively encouraged! You do not have to be a security expert in order to contribute.
Here are some ways you can help:
- We are looking for organizations and individuals that will provide vulnerability prevalence data
- Translate the top 10 to non-English languages
- Review, critique and suggest improvements to the Top 10 list
- Star the GitHub Project
- Contribute real world examples to categories in the Top 10 list
- Add your Success Story - tell us and the world how you’re using the Top 10 list
Individuals and organizations that provide a significant contribution to the project will be listed on the acknowledgments page.
How to reach out:
- Give us feedback / suggestions / report bugs on GitHub
- Join our email group
- Contact the project leads
- Talk to us on Slack (#low-code-no-code-top10-security-risks)
Got an idea?
Got any ideas on how to make this project better? These guidelines will help with how to get involved:
- Join the conversation on email or Slack to find collaborators or see if others have a similar interest.
- Search the project’s GitHub issues for related proposals. Found one? Join it!
- If you haven’t found a relevant issue, create one! Clearly specify why your proposal is important and which changes are proposed. Advertise your proposal to others to find collaborators. See examples: Add descriptions for business users, Add product-specific examples.
Getting Started with your first Pull Request
A Pull Request (PR) can be created by following these steps.
- Fork this repository.
- Create an initial draft implementing your proposal and submit it for review as a PR. Don’t let perfect be the enemy of good.
- Advertise your proposal to others and ask for reviews.
- Once your PR is merged, continue to submit PRs to fine-tune and improve on previous versions.
- Congrats and thank you!
Individuals that provided a significant contribution to the project:
|Palo Alto Networks
The OWASP Top 10 Low-Code/No-Code Security Risks project is supported by Zenity