AO Labs offers in-depth research and content produced by the world's leading SaaS security experts.
AO Labs is the research group within AppOmni. We deliver unbiased information and education to help security practitioners improve SaaS security.
Written by security researchers and engineers, our in-depth research is intended to educate and provide actionable information to mitigate risk. AO Labs focuses its efforts on the most business-critical SaaS platforms.
ARTICLE
The Need for Privileged Identity Management (PIM)
Learn how to ensure the bare minimum of privileged access is granted to the right people, at the right time, and for ...
ARTICLE
Payroll Fraud: Analyzing the Attack Lifecycle of a Direct Deposit Scam
Learn how direct deposit payroll fraud occurs & how to identify the signals available in audit logs to support threat hunting & detection...
ARTICLE
Okta PassBleed Risks - A technical Overview
A detailed and technical look at the Okta PassBleed risks related to password stealing and user impersonation...
ARTICLE
Security Misconfigurations Impacting ServiceNow & Other SaaS instances
Nearly 70% of tested instances are leaking data through improper customer ACL configurations...
ARTICLE
Avoid SFDC Vulnerabilities When Building Custom Lightning Components
This is a follow up to an article and blog post AppOmni Offensive Security Engineer Aaron Costello wrote in October 2020...
ARTICLE
Third Party Risk In Salesforce Named Credentials
This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to...
ARTICLE
Understanding Salesforce Flows & Common Security Risks
This article discusses the security nuances unique to Salesforce Flow development as well as permission management pitfalls...
ARTICLE
Salesforce Lightning Components: A Treatise On Apex Security
Learn the architecture of Lightning Aura components & how a call to an Apex method with parameters crafted from nothing...
ARTICLE
Salesforce Guest User
Log Analysis
Salesforce has two primary avenues for obtaining event data from a Salesforce org: Event Monitoring and Real-Time Event...
