Nokod Security to Host Capture the Flag Competition and Demonstrate Microsoft Power BI Vulnerability at OWASP Global AppSec EU 2025

NEW YORK & TEL AVIV, Israel--(BUSINESS WIRE)--Nokod Security, the security company for no-code application development, today announced it will host a no-code Capture the Flag (CTF) hacking competition in collaboration with OWASP at Global AppSec EU 2025 in Barcelona. In addition, Nokod Senior Security Researcher Uriya Elkayam will present a session that exposes data leakage vulnerabilities affecting Power BI reports.

Attendees can compete in a live event to uncover vulnerabilities in no-code apps that expose sensitive data. All players who successfully complete the challenge will be entered to win prizes, including a DJI NEO Mini Drone and 9 JBL GO 4 speakers.

Share

WHO: Nokod Security helps enterprises secure their no-code application development environments.

WHAT:

No-Code Capture the Flag (CTF) Competition
Security researchers will compete in a live event to uncover vulnerabilities in no-code apps that expose sensitive data. All players who successfully complete the challenge will be entered to win prizes, including a DJI NEO Mini Drone and 9 JBL GO 4 speakers.

Conference Session: To BI or Not to BI? Data Leakage Tragedies with Power BI Reports
In this session, Uriya Elkayam will demonstrate how a vulnerability in Microsoft Fabric (Power BI) can allow unauthorized data access via API manipulation, especially in publicly shared reports. He will present PBAnalyzer, an open-source tool developed by Nokod Security, which helps organizations identify data oversharing in widely shared Power BI reports. He will also unveil a new attack technique called DAX Injection, which exploits Power BI queries through Power Automate flows. This attack could potentially lead to external data leakage. The session will conclude with actionable steps for securing Power BI environments.

WHEN & WHERE:

No-Code CTF Competition

• Live Event: Friday, May 30
• 10:00 am - 2:00 pm
• Room: 118
• Location: OWASP 2025 Global AppSec, Fira Barcelona Conference Center

Conference Session

• To BI or Not to BI? Data Leakage Tragedies with Power BI Reports
• Thursday, May 29, 2025, 3:30 pm – 4:15 pm CET
• Room 113, Fira Barcelona Conference Center

HOW: To schedule a conversation with Nokod Security about no-code and BI platform security contact Marc Gendron at marc@mgpr.net or +1 617.877.7480.

About Nokod Security
Nokod Security is the security company for no-code application development. The Nokod Security Platform protects enterprises from risks introduced by no-code applications across Microsoft Power Platform, UiPath, Salesforce, ServiceNow, and more. Founded by cybersecurity veterans from Imperva and SecuredTouch (now Ping Identity), Nokod is backed by Acrew Capital, Meron Capital, and Flint Capital. Learn more at www.nokodsecurity.com or follow us on X and LinkedIn.