In-depth research and content produced by our security researchers and engineers.
AO Labs is the research group within AppOmni. We deliver unbiased information and education to help security practitioners improve SaaS security.
Written by security researchers and engineers, our in-depth research is intended to educate and provide actionable information to mitigate risk. AO Labs focuses its efforts on the most business-critical SaaS platforms.
Avoid SFDC Vulnerabilities When Building Custom Lightning Components in Apex
This is a follow-up to an article and blog post AppOmni Offensive Security Engineer Aaron Costello wrote in October 2020. This article discusses some of the most common security issues and how to mitigate them. Links to the first article and full technical paper are below.
Third-Party Risk In Salesforce Named Credentials
This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue of hardcoded credentials within an organization’s Apex codebase.
Understanding Salesforce Flows & Common Security Risks
This article discusses the security nuances unique to Salesforce Flow development as well as permission management pitfalls. Aaron Costello also shares how organizations can combat those pitfalls.
Salesforce Lightning Components: A Treatise On Apex Security
Get A Free Risk Assessment
Misconfiguration is a leading cause of SaaS data breaches.
AppOmni’s research shows that 95% of companies have external users with over-privileged access to data, and more than 55% of companies have sensitive data that’s inadvertently exposed to the anonymous internet.
Our risk assessment delivers visibility into who and what has access to your SaaS data and will help determine whether your security configurations match your business intent.