In-depth research and content produced by the world's leading SaaS security experts.
AO Labs is the research group within AppOmni. We deliver unbiased information and education to help security practitioners improve SaaS security.
Written by security researchers and engineers, our in-depth research is intended to educate and provide actionable information to mitigate risk. AO Labs focuses its efforts on the most business-critical SaaS platforms.
Featured Content
ARTICLE
Avoid SFDC Vulnerabilities When Building Custom Lightning Components in Apex
This is a follow up to an article and blog post AppOmni Offensive Security Engineer Aaron Costello wrote in October 2020. This article discusses some of the most common security issues and how to mitigate those issues.
ARTICLE
Third-Party Risk In Salesforce Named Credentials
This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue of hardcoded credentials within an organization’s Apex codebase.
ARTICLE
Understanding Salesforce Flows & Common Security Risks
This article discusses the security nuances unique to Salesforce Flow development as well as permission management pitfalls. Aaron Costello also shares how organizations can combat those pitfalls.
ARTICLE
Salesforce Lightning Components: A Treatise On Apex Security
This article describes the architecture of Lightning Aura components, how a call to an Apex method with parameters crafted from nothing but the provided Javascript signature, and security best practices for using these components safely.
ARTICLE
Salesforce Guest User Log Analysis
Salesforce has two primary avenues for obtaining event data from a Salesforce org: Event Monitoring and Real-Time Event Monitoring. Discussing the specific differences between these two offerings is outside the scope of this article; however, the essential highlights are as follows:
Request an AppOmni Demo
AppOmni’s SaaS security management platform gives security and IT teams an easy and automated way to secure their SaaS data and environments.