Nokod Security is building a platform that enables organizations to secure in-house low-code/no-code custom applications by scanning for security and compliance issues and applying remediation policies
Latest coverage for Low-code
Low-code platforms can speed software delivery but may introduce security risks through misconfigured workflows, exposed data, and weak access controls.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Low-code platforms let developers build applications largely through visual workflows, data models, and prebuilt components, with limited hand-written code. They are used for internal tools, business processes, and customer-facing services; “no-code” platforms are the more restrictive version. Security depends not only on the generated application but also on the platform, its connectors, and the configuration chosen by its users.
Material risks include excessive permissions, insecure API connections, exposed credentials, and unintended access to sensitive data when workflows or sharing settings are misconfigured. Abstracted logic can also make it harder to review authorization, input validation, and third-party components. Security teams should inventory low-code applications, assess platform and connector vulnerabilities, enforce least-privilege identities and secret management, review configurations and generated code where possible, and retain audit logs for investigation. Vendor update practices, data residency, deletion, and export capabilities also affect vulnerability management, privacy, and compliance.