OWASP Top 10 Low-Code/No-Code Security Risks
Overview
Low-code/No-Code development platforms provide a development environment used to create application software through a graphical user interface instead of traditional hand-coded computer programming. Such platforms reduce the amount of traditional hand-coding, enabling accelerated delivery of business applications.
As Low-Code/No-Code platforms proliferate and become widely used by organizations, there is a clear and immediate need to create awareness around security and privacy risks related to applications developed on such platforms.
The primary goal of the “OWASP Top 10 Low-Code/No-Code Security Risks” document is to provide assistance and education for organizations looking to adopt and develop Low-Code/No-Code applications.
The guide provides information about what are the most prominent security risks for such applications, the challenges involved, and how to overcome them.
.
The List
- LCNC-SEC-01: Account Impersonation
- LCNC-SEC-02: Authorization Misuse
- LCNC-SEC-03: Data Leakage and Unexpected Consequences
- LCNC-SEC-04: Authentication and Secure Communication Failures
- LCNC-SEC-05: Security Misconfiguration
- LCNC-SEC-06: Injection Handling Failures
- LCNC-SEC-07: Vulnerable and Untrusted Components
- LCNC-SEC-08: Data and Secret Handling Failures
- LCNC-SEC-09: Asset Management Failures
- LCNC-SEC-10: Security Logging and Monitoring Failures
Project Sponsors
The OWASP Top 10 Low-Code/No-Code Security Risks project is supported by Zenity
How to contribute
Involvement in the development and promotion of OWASP Top 10 Low-Code/No-Code Security Risks is actively encouraged! You do not have to be a security expert in order to contribute.
Here are some ways you can help:
- We are looking for organizations and individuals that will provide vulnerability prevalence data
- Translate the top 10 to non-English languages
- Review, critic and suggest improvements to the Top 10 list
How to reach out:
- Give us feedback / suggestions / report bugs on GitHub
- Join our email group
- Support us on Twitter
- Contact the project leads
- Talk to us on Slack (#low-code-no-code-top10-security-risks)
Individuals and organizations that provide a significant contribution to the project will be listed on the acknowledgments page.
Contributors
Individuals that provided a significant contribution to the project:
| Name | Affiliation | Contact |
|---|---|---|
| Michael Bargury | Zenity | Twitter LinkedIn |
| Ory Segal | Palo Alto Networks | Twitter LinkedIn |
| Don Willits | Microsoft |
Sponsors
The OWASP Top 10 Low-Code/No-Code Security Risks project is supported by Zenity
Project Classification
Top 10 Low-Code/No-Code Security Risks
- Return to homepage
- LCNC-SEC-01: Account Impersonation
- LCNC-SEC-02: Authorization Misuse
- LCNC-SEC-03: Data Leakage and Unexpected Consequences
- LCNC-SEC-04: Authentication and Secure Communication Failures
- LCNC-SEC-05: Security Misconfiguration
- LCNC-SEC-06: Injection Handling Failures
- LCNC-SEC-07: Vulnerable and Untrusted Components
- LCNC-SEC-08: Data and Secret Handling Failures
- LCNC-SEC-09: Asset Management Failures
- LCNC-SEC-10: Security Logging and Monitoring Failures