OWASP Top 10 Low-Code/No-Code Security Risks


Low-code/No-Code development platforms provides a development environment used to create application software through a graphical user interface instead of traditional hand-coded computer programming. Such platforms reduce the amount of traditional hand coding, enabling accelerated delivery of business applications.

As Low-Code/No-Code platforms proliferate and become widely used by organizations, there is a clear and immediate need to create awareness around security and privacy risks related to applications developed on such platforms.

The primary goal of the “OWASP Top 10 Low-Code/No-Code Security Risks” document is to provide assistance and education for organizations looking to adopt and develop Low-Code/No-Code applications. The guide provides information about what are the most prominent security risks for such applications, the challenges involved, and how to overcome them.

Getting Involved

You do not have to be a security expert or a programmer to contribute. Contact the project leader(s) to get involved, we welcome any type of suggestion and comments. Possible ways to contribute:

  • We are actively looking for organizations and individuals that will provide vulnerability prevalence data
  • Translation efforts (later stages)
  • Individuals and organizations that will contribute to the project will be listed on the acknowledgments page.

Project Sponsors

The OWASP Top 10 Low-Code/No-Code Security Risks project is supported by Zenity