Publicação em atas de evento científico
You are doing it wrong: On vulnerabilities in low code development platforms
Miguel Lourenço (Lourenço, M.); Tiago Espinha Gasiba (Gasiba, T. E.); Maria Pinto-Albuquerque (Pinto-Albuquerque, M.);
CYBER 2023: The Eighth International Conference on Cyber-Technologies and Cyber-Systems
Ano (publicação definitiva)
2023
Língua
Inglês
País
--
Mais Informação
Web of Science®

Esta publicação não está indexada na Web of Science®

Scopus

Esta publicação não está indexada na Scopus

Google Scholar

N.º de citações: 5

(Última verificação: 2024-12-21 15:12)

Ver o registo no Google Scholar

Abstract/Resumo
Low-Code Development Platforms (LCDPs) are gaining more and more traction, even in the industrial context, as a means for anyone with less coding experience to develop and deploy applications. However, little is known about the vulnerabilities resulting from this new software development model. This paper aims to understand vulnerabilities in applications developed and deployed on these platforms. We show that these vulnerabilities can be considered from three perspectives: platform, developer, and plugins. We determine the top three vulnerabilities for each perspective based on a review of the literature and expert interviews. Our results contribute to understanding LCDP applications’ security and raise awareness of industry practitioners by providing typical LCDP security pitfalls.
Agradecimentos/Acknowledgements
Miguel Lourenço and Maria Pinto-Albuquerque thank the Instituto Universitário de Lisboa and ISTAR for their support. Siemens acknowledges funding for project CONTAIN bythe Federal Ministry of Education and Research under project number 13N16585.
Palavras-chave
Low code,Software development,Web applications,Cybersecurity,Industry,Low code development platforms,Vulnerabilities
Prémios
Prémio de Melhor Artigo
Registos de financiamentos
Referência de financiamento Entidade Financiadora
UIDB/04466/2020 Fundação para a Ciência e a Tecnologia
UIDP/04466/2020 Fundação para a Ciência e a Tecnologia
13N16585 Federal Ministry of Education and Research
Projetos Relacionados

Esta publicação é um output do(s) seguinte(s) projeto(s):