Skip to main content
back to agenda
on this page

Storytime: Attacking and securing low-code apps

  • 14:40
  • Thu
  • 16 Nov
Stage:
Briefing Stage 1
Format:
Session

Presenter:

In this briefing, I'll share a high level details (no exploits) for a real-world case I came a cross while hunting for bugs on a critical low-code app. The case unfolded as a series of discoveries, culminating in the identification of numerous vulnerabilities within the low-code application, among them being remote code execution and the takeover of a development admin account. Interesting enough, the bugs were duplicated in several other critical low-code apps. 

Throughout this session, I will share my methodology in finding vulnerabilities in low-code apps with the aim to highlight common weakness associated with low-code apps which are different in nature than traditional apps.

Presenter: