Using Low-code and No-code Tools Securely

Written By The SafeStack Team

Description

We use low-code and no-code development approaches and tools to build solutions – quickly. This offers us flexibility in our work: we can experiment and innovate in an efficient way, use our technical expertise in development, and reduce dependencies on our developers and software engineers.

This also introduces security risk. The level of security risk depends on the solution we are building, as well as the decisions we make along the way in planning, development, and maintenance. We want to produce a secure solution, and often we don’t know where to start or what to do. We also share the responsibility of security with others, such as the tool provider, and knowing what we are responsible for can be challenging.

In this course, we will step through the development lifecycle and highlight the key decisions we are making that have a security impact. We will focus on turning our security decisions from implicit to informed, and equip ourselves with the information needed to get this work done.

This course is interactive and is designed to be re-used for each low-code or no-code project you have. That way you only have to go through the learning that you need so you can get your solution built – quickly and securely.


Duration

Takes approximately 1 hour to complete


Certification

Security in Practice: Low Code, No Code


Course Objectives

  • Identifying the security risk involved with planning, development, and maintenance decisions made during a low-code or no-code project

  • Knowing the security work that needs to be done and who is responsible for doing it

  • Asking additional questions to understand where on the sliding scale of shared responsibility the security work sits

  • Using keywords to find tool-specific documentation for getting the security work done


Syllabus

Module 1: Overview of low-code, no-code, and security

  • Understanding low-code and no-code development approaches

  • Understanding the shared responsibility model

  • Understanding that security risk changes based off our development decisions

Interactive Resource: Low-code No-code Security Questionnaire

  • Stepping through the planning, development, and maintenance stages of the lifecycle

  • Identifying the decisions we make in each stage and the security risk that they influence

  • Creating a process flow diagram to visualize our plan and decisions

  • Asking additional questions to identifying where the shared responsibility line is

  • Identifying the security work required based on the decisions and questions we answered

  • Using keywords provides to search tool provider documentation for details implementation guidance

  • Includes an interactive questionnaire that helps you generate your security workplan for your low-code or no-code project

The SafeStack Team
Previous

Mobile Application Security
Next

Threat Assessment for Software Development