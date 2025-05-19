Live hacking challenge and groundbreaking security session to highlight hidden risks in no-code apps and automations

Nokod Security, the security company for no-code application development, today announced it will host a no-code Capture the Flag (CTF) hacking competition in collaboration with OWASP at Global AppSec EU 2025 in Barcelona. In addition, Nokod Senior Security Researcher Uriya Elkayam will present a session that exposes data leakage vulnerabilities affecting Power BI reports.

WHO: Nokod Security helps enterprises secure their no-code application development environments.

WHAT:

No-Code Capture the Flag (CTF) Competition

Security researchers will compete in a live event to uncover vulnerabilities in no-code apps that expose sensitive data. All players who successfully complete the challenge will be entered to win prizes, including a DJI NEO Mini Drone and 9 JBL GO 4 speakers.

Conference Session: To BI or Not to BI? Data Leakage Tragedies with Power BI Reports

In this session, Uriya Elkayam will demonstrate how a vulnerability in Microsoft Fabric (Power BI) can allow unauthorized data access via API manipulation, especially in publicly shared reports. He will present PBAnalyzer, an open-source tool developed by Nokod Security, which helps organizations identify data oversharing in widely shared Power BI reports. He will also unveil a new attack technique called DAX Injection, which exploits Power BI queries through Power Automate flows. This attack could potentially lead to external data leakage. The session will conclude with actionable steps for securing Power BI environments.

WHEN WHERE:

No-Code CTF Competition

Live Event: Friday, May 30

10:00 am 2:00 pm

Room: 118

Location: OWASP 2025 Global AppSec, Fira Barcelona Conference Center

Conference Session

To BI or Not to BI? Data Leakage Tragedies with Power BI Reports

Thursday, May 29, 2025, 3:30 pm 4:15 pm CET

Room 113, Fira Barcelona Conference Center

HOW: To schedule a conversation with Nokod Security about no-code and BI platform security contact Marc Gendron at marc@mgpr.net or +1 617.877.7480.

About Nokod Security

Nokod Security is the security company for no-code application development. The Nokod Security Platform protects enterprises from risks introduced by no-code applications across Microsoft Power Platform, UiPath, Salesforce, ServiceNow, and more. Founded by cybersecurity veterans from Imperva and SecuredTouch (now Ping Identity), Nokod is backed by Acrew Capital, Meron Capital, and Flint Capital. Learn more at www.nokodsecurity.com or follow us on X and LinkedIn.

