Read about a significant data exposure issue we discovered in Microsoft Power Pages.

Author: Aaron Costello

Filter by

AO Labs, Blog

Microsoft Power Pages: Data Exposure Reviewed

Learn about a data exposure risk in Microsoft Power Pages due to misconfigured access controls, highlighting the need for better security and…
AO Labs, Blog

Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered

Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.
AO Labs, Blog

Potential Widespread Data Exposure Analysis: Oracle NetSuite

Read the blog for an analysis on the potential data exposure of Oracle NetSuite with a thorough understanding of NetSuite access control…
Blog

SaaS Risks in Healthcare: Anatomy of a Data Exposure at the HSE

SaaS Security Engineer Aaron Costello explains how to handle sensitive data in SaaS apps, as learned from misconfiguration in Ireland’s vaccination portal…
Blog

Balancing Act: Navigating the Advantages and Risks of ServiceNow’s New Security Attributes

Security Attributes offer an alternative method for access control via role definitions, designed to be human-readable and offer detailed auditing and logging.
AO Labs, Blog

A Technical Analysis and Lessons From The Recent Service Now Misconfiguration Risks

Learn more about the ServiceNow updates to mitigate ACL misconfiguration risks and how to avoid regressing your organization’s data security posture moving…
AO Labs, Blog

Salesforce Misuse of Platform Cache Leads to Widespread Data Exposure

Learn how Salesforce Platform Cache misuse is causing information disclosure in over 80% of implementations handling sensitive data.
AO Labs, Blog

Major Security Misconfiguration Impacting ServiceNow and Other SaaS Instances Discovered

Major security misconfiguration impacting ServiceNow and other SaaS instances discovered nearly 70% of tested instances are leaking data.
AO Labs, Blog

Avoid Salesforce Security Vulnerabilities When Building Custom Lightning Components in Apex

Lightning Components offer an unlimited amount of functionality. But security vulnerabilities may be introduced within Apex code exploited by a malicious actor.
AO Labs, Blog

Third-Party Risk in Salesforce Named Credentials

This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue…