DES 364 – Mitigating Low-Code/No-Code Authentication and Secure Communication Failures (NEW)

Course Overview

Low-code/no-code development is a popular approach in which business users create software applications without writing the code themselves. The ease of use and complexity of LCNC platforms inadvertently increase vulnerability to attacks and misconfigurations, further exposing applications to security risks. These platforms typically interact with business-critical data via connections set up by business users, often resulting in insecure communications. Many applications must access and/or move data to fulfill their design. When the connection to access or move the data is created, “improper” settings can lead to the data being intercepted, blocked, or users having over-privileged access to data, services, and more.

This course is designed to help individuals working in roles defined by the NICE Cybersecurity Workforce Framework, such as Vulnerability Assessment Analyst (PR-VAM-001), Cyber Defense Infrastructure Support Specialist (PR-INF-001), Secure Software Assessor (SP-DEV-002), and Systems Requirements Planner (SP-SRP-001). The course objectives are aligned with the OWASP Low-code/No-code Top 10 guidelines.

By completing this course, you will acquire the knowledge and skills required to:

• Limit the creation of connections in production environments to only dedicated personnel
• Educate business users on the risks of insecure communications and the need to involve security teams when setting up connections
• Monitor platforms for connections that do not comply with best practices