Auditing Low-Code and No-Code Platforms: Securing Citizen Development

Ajeethra Balamurugan, Harshitha Anand Shetty, Karthikeyan Muthumani Sengunthar, Manish Gupta
DOI: 10.4018/978-1-6684-8766-2.ch003

Abstract

Low-code and no-code applications are increasingly becoming the technology of choice for many professionals in the digital workplace. According to Gartner data, 70% of new apps built by enterprises will employ low-code or no-code technologies by 2025, up from less than 25% in 2020. The proliferation of these platforms is fueling the rise of citizen development. The objective of this chapter is to discuss briefly how these platforms differ from traditional software development and to evaluate the risks, vulnerabilities, threats, and security concerns associated with auditing them. After assessing these risks, the authors identify controls that can be used to mitigate them. The key security concerns and proposed security measures to safeguard low-code/no-code platforms were analyzed using a systematic approach. The study concluded that, while these platforms provide several advantages, they also pose new security issues that must be addressed. The outcomes of this research can assist businesses in making educated decisions about employing low-code/no-code platforms.
Chapter Preview

1. Introduction

Due to the complexity of their internal operations and the quantity and intensity of the interactions between the firm and the organizations in their supply network, enterprises today are forced to deal with difficulties that are getting harder to solve. Furthermore, in order to meet the shifting demands of the environment, businesses must be quick to adapt to the changing market. The development of software solutions for businesses has been a main emphasis in attempts to improve the resilience capability of corporations to respond quickly and effectively to market requirements. In the history of computer science, a tremendous amount of research has been directed toward the same goal (Sanchis et al., 2019).

In the early 2000s, the first low-code platform was released. However, starting in the middle of 2010, both low-code and no-code platforms saw considerable growth. One of the factors contributing to the massive adoption of low-code and no-code platforms was the COVID-19 pandemic. Organizations have adopted these platforms due to the rising demand, the lack of trained developers, and the desire of the business to offer the product or service quickly. According to market research, the market for low-code/no-code development platforms is projected to generate $187 billion in sales by 2030. By 2024, it will represent more than 65% of all application development activities (Gartner 2, 2023). With such strong demand and growth in low-code and no-code platforms, it is critical to understand the risks involved and the steps to mitigate these risks. According to a report by SAP (SAP insights, 2021), low-code is a method of designing and developing applications using intuitive graphical tools and embedded functionalities that reduce traditional (or pro-code) writing requirements. Pro-code writing is still part of the development process, but low-code development offers an augmented and simplified experience to help users start creating quickly. According to the same report (SAP insights, 2021), no-code is a method that benefits from a similar user experience as low-code but goes the extra mile by allowing non-technical business users to develop applications without having to write even a single line of code.

Low-code and no-code modular solutions enable expert developers to construct apps fast by eliminating the need to write code line by line. Additionally, they enable the development and testing of applications by non-software specialists including business analysts, office managers, small business owners, and others. These individuals are capable of developing applications with little to no knowledge of traditional programming languages, machine code, or the development work that goes into the platform's configurable components. In either scenario, customers see a graphical user interface (GUI) that is user-friendly and allows them to combine components and third-party application program interfaces (APIs). Modules can be rearranged and tested several times until the application functions as desired. The rapid advancement in technology has led to the emergence of low-code and no-code platforms, providing a more accessible approach to application development. These platforms have garnered significant attention due to their ability to empower non-technical users to create custom applications and streamline workflows. However, along with the benefits come a myriad of risks and security concerns that must be addressed to ensure the safe utilization of these tools.

This research work delves into the risks associated with low-code and no-code platforms, including a detailed analysis of the recent Microsoft Power Apps breach. The paper further explores various vulnerabilities and security challenges that these platforms face, such as malicious code injection, untrusted components, and data leakage. Lastly, the paper discusses auditing controls and mitigation strategies that can be employed to safeguard applications and data in the context of low-code and no-code development environments.
