You are doing it wrong: On vulnerabilities in low code development platforms

Bibliographic details
Main author: Lourenço, M.
Publication date: 2023
Other authors: Gasiba, T. E., Pinto-Albuquerque, M.
Language: eng
Source title: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/10071/29454
Abstract: Low-Code Development Platforms (LCDPs) are gaining more and more traction, even in the industrial context, as a means for anyone with less coding experience to develop and deploy applications. However, little is known about the vulnerabilities resulting from this new software development model. This paper aims to understand vulnerabilities in applications developed and deployed on these platforms. We show that these vulnerabilities can be considered from three perspectives: platform, developer, and plugins. We determine the top three vulnerabilities for each perspective based on a review of the literature and expert interviews. Our results contribute to understanding LCDP applications’ security and raise awareness of industry practitioners by providing typical LCDP security pitfalls.
id RCAP_5156556f9c20dbf6b0e93a0be3b06f83
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/29454
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
dc.subject.por.fl_str_mv Low code
Software development
Web applications
Cybersecurity
Industry
Low code development platforms
Vulnerabilities
publishDate 2023
dc.date.none.fl_str_mv 2023-10-18T11:01:01Z
2023-01-01T00:00:00Z
2023
2023-10-18T11:58:45Z
dc.type.driver.fl_str_mv conference object
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/29454
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 978-1-68558-113-8
2519-8599
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv IARIA
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833597244045000704