No Code You Shall Use, Malware You Shall Get - Security Risks in Low-Code/No-Code Platforms

Explore the potential security risks associated with Low-Code/No-Code (LCNC) application development platforms in this 37-minute OWASP Foundation conference talk. Delve into the research on spreading malware and launching supply chain attacks through marketplace functionalities of leading LCNC platforms. Examine two primary threats: malicious components intentionally created by threat actors and vulnerable components shared without thorough security review. Learn about attempts to introduce vulnerable and malicious components into various LCNC platform marketplaces, including successful methods and existing guardrails. Discover techniques used to promote malicious or vulnerable components, increasing the likelihood of their use by unsuspecting developers. Witness demonstrations of potential outcomes from compromised LCNC components and gain insights from cyber security expert Amichai Shulman, CTO and co-founder of Nokod Security.