TL;DR Choose the most secure no-code/low-code platform, offer better security training, and mentor non-professional developers to keep your business or enterprise secure.
No-code/low-code apps are becoming an increasingly important part of any business’s computing infrastructure. They allow business experts and non-programmers to develop powerful enterprise-strength applications.
That’s all to the good. But it also means that people who don’t have backgrounds in baking security into their apps will be writing important code. If you’re worried about how to make sure that no-code/low-code apps are as secure as possible, there are plenty of things you can do.
Tips for Better No-Code and Low-Code App Security
Some of the best advice I’ve seen comes from the article, “5 ways to make your low-code development more resilient.” Here’s a brief summary of its recommendations.
Security Tip #1: Make sure your security training takes non-professional developers into account
Non-professional developers typically haven’t taken a course in secure app development, and have no hands-on experience with it, either. So any person in a business who builds apps, including citizen developers using no-code app builders, should get security training. In addition, “security champions,” who are experts in security, need to work alongside people who write applications, even if those people are business users, not professional developers.
Security Tip #2: Understand any security shortcomings of your no-code/low-code platform
The article warns, “Because low-code development typically consists of picking components from a limited menu of software components created by the platform provider, or a third party, low-code creators can typically rely on the security measures enforced by the platform.” So you should make sure that you understand the platform’s security limitations before you get started, and then compensate for them so apps will be secure.
Security Tip #3: Research a platform’s security capabilities before buying
The article notes, “While low-code platforms assume much of the software risk, companies need to be aware of the options for each platform to understand the potential attack surface area.”
Doing that will help you better decide which platform to buy. Stay away from any that don’t offer the best security possible.
Security Tip #4: Use the platform’s security tools
Knowing a platform’s security capabilities is one thing; actually using them is another. Make sure that every security capability built into the platform is used for every application written with it.
Security Tip #5: Plan, plan and plan again
The article recommends, “In the end, companies need to include security in their broader planning. For low-code platforms, that means incorporating application-security testing and reporting into the development and management of low-code applications.”
Security Tip #6: Mentor Citizen Developers
There's one other recommendation as well: find a way to get professional developers to mentor non-developers on best security practices.