O My Data: OData Injection Attack in Microsoft Power Platform and UiPath
NY State-Licensed Certificates in Design, Coding & AI — Online
Get 20% off all career paths from fullstack to AI
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Discover a new attack technique called "OData Injection" in this 48-minute conference talk by Amichai Shulman at OWASP Global AppSec. Learn how this vulnerability affects API-based environments, particularly Microsoft Power Automate within the Power Platform, allowing attackers to extract sensitive data and bypass access controls. Explore the misconception that "No Code = No Vulnerabilities" as the presentation demonstrates how applications and automations created by citizen developers using Low Code/No Code (LCNC) platforms like Microsoft Power Platform and UiPath Cloud Automation remain susceptible to traditional injection attacks including SQL Injection and OS Command Injection. Through practical demonstrations simulating real-world findings, understand how these supposedly "internal applications" can be exploited by external attackers, challenging the security assumptions many organizations make about their digital transformation tools.
Syllabus
O My Data: OData Injection attack in Microsoft Power Platform and UiPath - Amichai Shulman
Taught by
OWASP Foundation