Using Low-code and No-code Tools Securely
Description
We use low-code and no-code development approaches and tools to build solutions – quickly. This offers us flexibility in our work: we can experiment and innovate in an efficient way, use our technical expertise in development, and reduce dependencies on our developers and software engineers.
This also introduces security risk. The level of security risk depends on the solution we are building, as well as the decisions we make along the way in planning, development, and maintenance. We want to produce a secure solution, and often we don’t know where to start or what to do. We also share the responsibility of security with others, such as the tool provider, and knowing what we are responsible for can be challenging.
In this course, we will step through the development lifecycle and highlight the key decisions we are making that have a security impact. We will focus on turning our security decisions from implicit to informed, and equip ourselves with the information needed to get this work done.
This course is interactive and is designed to be re-used for each low-code or no-code project you have. That way you only have to go through the learning that you need so you can get your solution built – quickly and securely.
Duration
Takes approximately 1 hour to complete
Certification
Security in Practice: Low Code, No Code
Course Objectives
Identifying the security risk involved with planning, development, and maintenance decisions made during a low-code or no-code project
Knowing the security work that needs to be done and who is responsible for doing it
Asking additional questions to understand where on the sliding scale of shared responsibility the security work sits
Using keywords to find tool-specific documentation for getting the security work done
Syllabus
Module 1: Overview of low-code, no-code, and security
Understanding low-code and no-code development approaches
Understanding the shared responsibility model
Understanding that security risk changes based off our development decisions
Interactive Resource: Low-code No-code Security Questionnaire
Stepping through the planning, development, and maintenance stages of the lifecycle
Identifying the decisions we make in each stage and the security risk that they influence
Creating a process flow diagram to visualize our plan and decisions
Asking additional questions to identifying where the shared responsibility line is
Identifying the security work required based on the decisions and questions we answered
Using keywords provides to search tool provider documentation for details implementation guidance
Includes an interactive questionnaire that helps you generate your security workplan for your low-code or no-code project