OWASP 2025 Global AppSec EU

Low-code and no-code (LCNC) development has transformed the way organizations build applications, enabling business users—often with little security expertise—to create powerful workflows, automations, and even AI-driven solutions. As these platforms increasingly integrate AI-powered copilots and automation tools, their adoption is skyrocketing, but so are security risks that traditional AppSec frameworks fail to address.

Recognizing this urgent gap, we established the OWASP Low-Code/No-Code Security Top 10 project to clarify the unique risks in these environments. In this session, we will share our journey—how we classified the Top 10 security risks in LCNC, what we have accomplished since the project’s inception, and how AI-driven low-code development introduces new attack vectors that security teams must prepare for.

Attendees will gain insights into:

* How LCNC security challenges have evolved, especially with the rise of AI-powered platforms.
* The OWASP Low-Code/No-Code Security Top 10, providing a much-needed framework for both citizen developers and security professionals.
* Real-world exploit scenarios, from insecure workflows and data exposure to AI-powered automation risks.
* The current state of low-code security and AI governance, key findings from our research, and what’s next for securing this fast-growing space.

As AI and low-code become inseparable in modern development, security teams must adapt quickly to prevent misuse, misconfigurations, and data exposure. This session is ideal for AppSec professionals, developers, security leaders, and platform owners looking to secure LCNC applications while enabling innovation.

Join us to explore the evolving threat landscape and gain actionable strategies to safeguard the next wave of AI-driven enterprise applications.