Nokod Security Unveils Free Attack Surface Assessment Tool for Microsoft Power Platform

NEW YORK & TEL AVIV, Israel--(BUSINESS WIRE)--Nokod Security, the security company for low-code/no-code (LCNC) application development, today announced the availability of a free discovery and lightweight attack surface assessment tool for Microsoft Power Platform. Designed to address the growing challenge of LCNC shadow engineering, the Nokod Attack Surface Assessment Tool for Power Platform offers visibility into LCNC assets created by citizen developers to help security teams know and understand the scale and presence of security risks.

This latest free offering from Nokod complements two existing LCNC tools that help detect unused data sources in Microsoft Power BI reports. They analyze data models to identify columns not used in visualizations, which could expose sensitive information if reports are overshared internally or published on the web. In June, Nokod reported a data leakage vulnerability in Power BI, affecting thousands of organizations. Both tools allow businesses to assess their exposure and mitigate these risks and are available on GitHub for easy implementation.

As more businesses embrace citizen development, security teams are finding it difficult to track LCNC activities, understand the scope of potential risks, and protect sensitive information. The Nokod Attack Surface Assessment Tool for Power Platform performs scans to discover LCNC assets and provide insights into security risks associated with them, without the need for full integration into the Power Platform.

Nokod’s tool helps security teams quickly understand the size and scope of the LCNC attack surface within their organization by discovering all Power Platform assets and providing insights into potential risks, such as:

• Deleted or Guest Users Developing Apps: Identifies apps created by users no longer with the organization, which may pose a security risk.
• Untrusted and Deprecated Connectors: Detects connectors that could introduce vulnerabilities or allow unauthorized access.
• Potential Data Leakage in Power BI: Exposes reports with hidden sensitive data or unauthorized access to filtered data records that could leak sensitive data internally and externally.

“Our new assessment tool allows organizations to quickly see the full scope of LCNC activity in their environment without deploying and integrating heavy-weight software,” said Amichai Shulman, CTO of Nokod Security. “By providing detailed insight into the size of the LCNC attack surface and identifying critical vulnerabilities, we’re empowering security teams to address those risks proactively.”

Key Features and Benefits

• Complete Attack Surface Visibility: Provides detailed insights into Power Platform development environments, including apps, components, and connectors.
• Vulnerability Identification: Identifies potential security risks in Power Platform environments, such as apps developed by deleted users, untrusted or deprecated connectors, and potential data leakage in Power BI reports.
• Lightweight and External: Unlike tools that require full integration into the Power Platform, Nokod’s tool runs from a local machine, ensuring a lightweight and quick assessment.
• Easy Setup: Users only need to run simple Python commands to execute a scan.

Availability
For more information or to download the free Nokod Attack Surface Assessment Tool for Power Platform, visit https://nokodsecurity.com/tools/.

About Nokod Security

Nokod Security is the security company for low-code/no-code (LCNC) application development. The Nokod Security Platform protects enterprises from security risks introduced by LCNC applications and RPAs developed in a wide range of platforms, including Microsoft Power Platform, UiPath, ServiceNow, Salesforce, and more. The company’s management team were founders of Imperva and SecuredTouch (now Ping Identity). Nokod has received investments from Acrew Capital, Meron Capital, and Flint Capital. For more information about Nokod, follow us X and LinkedIn. To schedule a demo, visit www.Nokodsecurity.com or contact us at info@Nokodsecurity.com.