Free tool helps find vulnerabilities in Microsoft Power Platform code
A new free discovery and lightweight attack surface assessment tool for Microsoft Power Platform aims to address the growing challenge of low-code/no-code (LCNC) shadow engineering.
The tool from Nokod Security offers visibility into LCNC assets created by citizen developers to help security teams know and understand the scale and presence of security risks.
Power Platform allows users to rapidly build customized end-to-end business solutions. But as more businesses embrace citizen development, security teams are finding it increasingly difficult to track LCNC activities, understand the scope of potential risks, and protect sensitive information. The Nokod Attack Surface Assessment Tool for Power Platform performs scans to discover LCNC assets and provide insights into security risks associated with them, without the need for full integration into Power Platform.
"Our new assessment tool allows organizations to quickly see the full scope of LCNC activity in their environment without deploying and integrating heavy-weight software," says Amichai Shulman, CTO of Nokod Security. "By providing detailed insight into the size of the LCNC attack surface and identifying critical vulnerabilities, we're empowering security teams to address those risks proactively."
Key features include the ability to provide detailed insights into Power Platform development environments, including apps, components, and connectors. It can identify potential security risks in Power Platform environments, such as apps developed by deleted users, untrusted or deprecated connectors, and potential data leakage in Power BI reports.
Unlike tools that require full integration into the Power Platform, Nokod's tool runs from a local machine, ensuring a lightweight and quick assessment. Users only need to run simple Python commands to execute a scan.
You can find out more and download the free tool on the Nokod site, it's also available on GitHub.
Image credit: YAYImages/depositphotos.com