Overview
Discover a new attack technique called "OData Injection" in this 48-minute conference talk by Amichai Shulman at OWASP Global AppSec. Learn how this vulnerability affects API-based environments, particularly Microsoft Power Automate within the Power Platform, allowing attackers to extract sensitive data and bypass access controls. Explore the misconception that "No Code = No Vulnerabilities" as the presentation demonstrates how applications and automations created by citizen developers using Low Code/No Code (LCNC) platforms like Microsoft Power Platform and UiPath Cloud Automation remain susceptible to traditional injection attacks including SQL Injection and OS Command Injection. Through practical demonstrations simulating real-world findings, understand how these supposedly "internal applications" can be exploited by external attackers, challenging the security assumptions many organizations make about their digital transformation tools.
Syllabus
O My Data: OData Injection attack in Microsoft Power Platform and UiPath - Amichai Shulman
Taught by
OWASP Foundation