LASCON – No Code No Risk? What Happens When We Leave No Code up for Grabs

Business professionals are no longer waiting for IT to address their needs. Instead, they are increasingly building their own applications with Low-Code/No-Code platforms. Recent surveys show that most enterprise apps are now built outside of IT by business professionals who hold no previous experience in building software.
Enterprises are placing developer-level power in the hands of 100x new business developers.. What could go wrong?
In this presentation, we will share extensive research on the security of Low-Code applications based on scanning >100K applications across hundreds of enterprise environments. We will demonstrate how most applications get identity, access and data flow wrong, cover a wide range of security issues found in real environments.
We will share the first-ever security framework for categorization of common Low-Code security issues. We will illustrate why the involvement of AppSec teams is desperately missing from business-led development, and share stories about organizations that got it right.


About the host

Michael is the Co-Founder and CTO of Zenity. He is an industry expert in cybersecurity interested in cloud, SaaS and AppSec. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC and confidential computing. Michael is leading the OWASP community effort on low-code/no-code security.