Security in Low-Code Applications: Cybersecurity Features and Best Practices for the Joget Open Source Platform
However, the proliferation of apps and digital solutions brings with it increased cybersecurity risks such as phishing attempts and ransomware attacks. As the SolarWinds hack in 2020 and the Microsoft Exchange hack in 2021 demonstrated, the cost of security lapses can be monumental. Security considerations are therefore paramount, so how do they apply to low-code platforms?
Source: Don't Ignore Security In Low-Code Development, Forrester Research Inc, 23rd Dec 2020
- Low-code platforms empower business users, called citizen developers, who are likely to be less aware of, or less trained in, application security. This increases the number of people who could potentially access sensitive data or introduce security vulnerabilities.
- However, low-code applications can be more secure than those built with traditional coding methods, because low-code platforms typically provide built-in security controls and can automatically mitigate common security issues such as SQL injection or cross-site scripting (XSS). Custom code can still introduce additional risks, so these need to be managed.
- Low-code platforms provide a multitude of security controls and practices, so organizations must understand and implement policies and processes to address security requirements at both the platform and application level.
- Lack of visibility into what citizen developers are actually developing. This is related to shadow IT, where IT may lose track of applications being built and deployed within the organization.
- No data oversight, meaning proper access controls are not put in place and access to sensitive data is not protected. When connecting to data sources, the security controls needed to ensure data is shared appropriately may not have been put in place.
- No auditing of vendor systems, where organizations may not have access to the security audits and compliance information already in place for the low-code platform.
- Business logic problems that expose data, arising from custom code that does not enforce secure access to sensitive data. Organizations might not apply adequate security training and testing to custom code, which might introduce security risks.