Low-code Security Blog


news, resources
September 19, 2022

ZAPESCAPE: Organization-wide control over Code by Zapier

In the middle of March 2022, the Zenity research team discovered a sandbox-escape vulnerability in Code by Zapier, a service used by Zapier to execute custom code as part of a Zap. By exploiting this vulnerability, any user could take full control over the execution environment of their entire account, allowing them to manipulate results and steal […]
news, resources
September 19, 2022

ZAPESCAPE: Vulnerability Disclosure

Date: March 16th 2022
Severity: High
Security impact: Privilege Escalation, Data Leakage, Data Manipulation

Intro
This document is the vulnerability disclosure report once the vulnerability was discovered. For a description of the vulnerability, its impact and what you should do next, please refer to ZAPESCAPE: Organization-wide control over Code by Zapier.

Summary
The Code by […]
news
August 29, 2022

SaaS Applications Streamline Application Development and Exploitation

Software-as-a-Service (SaaS) applications are built on the premise of streamlining business practices to improve productivity. Microsoft 365, Salesforce, and similar SaaS platforms commonly integrate automation tools that allow business users to develop the tools that they need to do their jobs. The latest iteration of this is the integration of low-code/no-code platforms into these SaaS […]
news, uncategorized
July 18, 2022

When User Identity Loses Its Meaning, Hackers Win

When it comes to cybersecurity, businesses typically want to assume that every user is a special snowflake.
news
July 5, 2022

Zapier Storage Exposes Sensitive Customer Data Due to Poor User Choices

The Zenity research team recently discovered a potential customer data leak in Storage by Zapier, a service used for simple environment and state storage for Zap workflows. With only a few simple steps and no authentication, we were able to access sensitive customer data. Given the nature of this flaw, it would be easy for bad actors to recreate our approach and access the same sensitive data without significant expertise.
uncategorized
June 20, 2022

Is Credential Sharing the Weakest Link in Your Security Strategy?

You might think that the majority of cybersecurity breaches result from carefully planned and executed attacks. You may imagine hackers expertly crafting phishing emails to con employees into giving away access to critical systems, for example, or planting state-of-the-art malware on victims' servers.
news
May 31, 2022

Microsoft Power Pages: Low-code Misconfiguration Remains a Top Security Risk

Where is low-code going in 2022? 4 low-code trends that we’ve observed, and our predictions for how they’ll play out in 2022.
uncategorized
May 16, 2022

Zenity CTO’s New Column Adds Critical Perspective on Citizen Development Security

Dark Reading is a great site to follow if you want to keep up with the latest IT security news and trends. You’ll find plenty of articles on topics like ransomware, supply chain security and insider threats. But one type of security challenge that wasn’t previously covered in a lot of detail on Dark Reading […]
news
May 11, 2022

Why Are Low-Code Platforms Becoming the New Holy Grail of Cyberattackers?

Low-code/no-code platforms for enterprise are booming. With more and more critical business assets now stored and handled by these platforms, it is essential to understand that low-code often leads to a large attack surface. This article will explore low-code/no-code from an attacker’s perspective to […]
news
April 18, 2022

Low-Code vs No-Code: Is There a Difference?

For organizations to be more productive and agile in their development processes, understanding the core differences between low-code and no-code applications and platforms is vital. In this article, we take a closer look at low-code vs no-code, explore the benefits of each, and explain how design flaws and security vulnerabilities in these environments are addressed.  […]