Dark Reading, January 8, 2020, with comments by Vinay Mamidi
No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.
The appeal of the no-code and low-code trend in application development is pretty obvious. It offers greater ease of process - developers get to write less code and experience faster process and lower overhead.
But do the benefits gained come at the cost of security?
No/low-code platforms separate developers’ focus on application logic from other functions of the platform, such as user interfaces and the delivery network. The question is, is it safe for the platform users to assume that the platform developers understood and designed adequate security into the platform framework? Or would making such sweeping assumptions about something so critical be dangerous?
Separately and specifically, securing an application is a different animal from securing a network. Applications are vulnerable to things like inadequate patching and process memory exploits. Insight into what your applications are doing and awareness of any deviant behavior is critical.
"Low-code and no-code development models are powerful and democratize development for non-technical users to easily build powerful workflows," says Vinay Mamidi, senior director of project management at Virsec. "But there’s always a gotcha -- while trained developers may have varying levels of skill in security, no-code developers are generally oblivious to security best practices or risks."
Read full In App Development, Does No-Code Mean No Security article.