No-code application platforms emerged a few years ago. They are a very attractive platform to many business organizations because they use modular and pre-built configurations for quick and efficient software development and delivery without writing code. Secure code review is one of the major processes to identify security weaknesses early in the SDLC and prevents potential vulnerabilities when the application is released in production. If there is no code in your software development, what are application security engineers reviewing in the application? In this talk, I’ll talk about your security concerns in no-code application development platforms including the OWASP top 10 no-code security risks, and provide tips to mitigate risks from no-code development. I’ll also introduce a new security review process for no-code software development to reduce security risks. At the end of the talk, I will demonstrate how to conduct security reviews of no-code applications. This talk is helpful for application security engineers whose organizations are considering or already using no-code platforms and anyone who wants to know how to incorporate security into no-code applications.