Add product-specific examples · Issue #49 · OWASP/www-project-top-10-low-code-no-code-security-risks (original) (raw)

Context

Low-Code/No-Code can mean many different things. Tools can differ in technology, users, developers, use cases and more. For example, Low-Code Application Platforms (LCAP) is used to build web and mobile applications while Robotic Process Automation (RPA) is used to build bots. These technologies are ever-changing and are in the process of merging with eachother, so its still important to cover them in a single project. However, we should also emphasize where they differ, allowing people to focus on the risks relevant to a particular technology.

Proposal Description

The current template for a risk category is as follows:

• Risk Rating
• The Gist
• Description
• Example Attack Scenarios
  • Scenario 1
  • Scenario 2
  • ...
• How to Prevent
• References

We propose the following additions:

• A new subsection under Risk Rating, where we provide different ratings for each Low-Code development technologies
• Label each Scenario with the relevant technologies. A scenario can apply to multiple technologies.

Low-Code development technologies to distinguish:

• Low-Code Application Platforms (LCAP)
• Robotic Process Automation (RPA)
• Integration Platform as a Service (iPaaS)