AO Labs
SaaS Security Industry’s Leading Research Team
We’re dedicated to discovering and analyzing SaaS risks and vulnerabilities. Our insights help strengthen the AppOmni platform, educate security practitioners, and promote SaaS security best practices. AO Labs focuses its efforts on the most business-critical SaaS platforms.
AO Labs Research Articles
Unpacking (and Preventing) the CircleCI Data Breach
See how one compromised employee laptop spawned the CircleCI data breach — and the measures you can take to secure your SaaS data and platforms.
Navigating InfoSec Requirements of APRA CPS 234
See how Australian financial services organizations — and their SaaS providers — can comply with this critical regulation’s information security standards.
Okta PassBleed Risks – Technical Overview
A detailed and technical look at the Okta PassBleed risks related to password stealing and user impersonation.
Payroll Fraud: Analyzing the Attack Lifecycle of a Direct Deposit Scam
Learn how direct deposit payroll fraud occurs and how to identify the signals available in audit logs to support threat hunting & detection.
AppOmni Research Discovers Major Security Misconfiguration Impacting ServiceNow and Other SaaS Instances
Major security misconfiguration impacting ServiceNow and other SaaS instances discovered: nearly 70% of tested instances are leaking data.
How to Avoid Introducing Salesforce Security Vulnerabilities When Building Custom Lightning Components in Apex
This is a follow-up to an article and blog post AppOmni Offensive
Salesforce Guest User Log Analysis
In early October 2020, Security Researcher Aaron Costello, now offensive security engineer at AppOmni, published an influential blog detailing
3rd Party Risk in Salesforce Named Credentials
This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue of hardcoded credentials
Salesforce Lightning Components - A Treatise on Apex Security
This article will describe the architecture of Lightning Aura components, how a call to an Apex method with parameters.