In App Development, Does No-Code Mean No Security?

No-code and low-code development platforms are part of application development, but there are keys to making sure they don't leave security behind along with traditional coding.




The new trend in enterprise application development: creating new applications without writing code. "Low-code" or "no-code" development platforms offer the promise of rapid application development — often by business-unit or subject-matter experts — without the overhead of traditional development by traditional developers.


The question is whether no-code also means no security.


From content management systems like WordPress to enterprise application builders like Appian, no/low-code platforms are intended to allow developers to focus on the application logic while the details of device, delivery network, and user interfaces are left to the platform. "Low-code and no-code development models are powerful and democratize development for non-technical users to easily build powerful workflows," says Vinay Namidi, senior director of project management at Virsec. "But there’s always a gotcha -- while trained developers may have varying levels of skill in security, no-code developers are generally oblivious to security best practices or risks."


Does training matter?


While business unit developers may not have the security expertise of trained enterprise software developers, the operating assumption is that the platforms themselves build security into the final product. "The onus moves onto the framework from the [platform] developers, so [the platform users] don't have to understand secure coding," explains Jason Kent, hacker in residence at Cequent. "But that assumes that the framework is written securely."


That assumption can be a good one, if the framework is being used the ..
