Publication

Low-Code security for industrial applications

Bibliographic details
Abstract: Low-Code Development Platforms (LCDPs) are gaining more and more traction, even in the industrial context, as a means for making software development faster, cheaper and easier. With their visual features, such as user-friendly graphical interfaces and the use of drag-and-drop, anyone from programming experts to someone with less or no experience in development can use them to develop and deploy applications. However, little is known about the vulnerabilities resulting from this new software development model. Although anyone can develop software with LCDPs, people with less cybersecurity knowledge can unwittingly add vulnerabilities to their applications. This thesis aims to understand the vulnerabilities of applications developed and deployed on these platforms, addressing the problem of vulnerabilities in LCDPs by developing an artefact. These vulnerabilities can be considered from three perspectives: platform, developer, and plugins. This artefact presents a top three vulnerabilities for each perspective, based on a literature review, database research and interviews with experts. Also, guidelines are provided on how to develop applications securely using these platforms, based on the systematised information on vulnerabilities. The results show that the artefact developed is a good method for understanding the problem defined and has been accepted in the industry for which it was created. This work contributes to understanding the security of applications developed with LCDPs and raises awareness among professionals in the sector by systematising information on cybersecurity in LCDPs.
Main authors: Lourenço, Miguel da Ponte
Subject: Low-Code; Software development; Cybersecurity; Industry; Low-Code Development Platforms; Vulnerabilities
Year: 2023
Country: Portugal
Document type: master's dissertation
Access type: open access
Associated institution: ISCTE
Language: English
Source: Repositório ISCTE