Articles & Reports
Monitor Your SaaS Environment for Three Common SaaS Misconfigurations
Learn about 3 of the most common SaaS misconfigurations missed by security teams and what you need to know about the SaaS risk.
Unpacking (and Preventing) the CircleCI Data Breach
See how one compromised employee laptop spawned the CircleCI data breach — and the measures you can take to secure your SaaS data and platforms.
What is the 0ktapus Breach? The Facts, and the Way Forward
Nearly 10k Okta credentials were compromised due to the 0ktapus phishing scam. Learn the details and how to protect yourself from similar attacks.
Auto-Remediation in SaaS Security
Auto-Remediation is highly requested in SaaS Security – but when is it the best practice? Learn more about the realities and challenges of auto-remediation in
SSPM vs CSPM: Do Enterprises Need a New Security Posture?
SSPM vs. CSPM: Do Enterprises Need a New Solution to Secure SaaS Data? As SaaS Security Posture Management (SSPM) solutions emerge, evaluating their role and
Navigating InfoSec Requirements of APRA CPS 234
See how Australian financial services organizations — and their SaaS providers — can comply with this critical regulation’s information security standards.
What the U.S. Cybersecurity Strategy Means for SaaS Apps
See why new White House cybersecurity guidelines make the shared responsibility model and proper security tooling more essential than ever.
The Need for Privileged Identity Management (PIM)
Learn how to ensure the bare minimum of privileged access is granted to the right people, at the right time, and for as long as
Okta PassBleed Risks – Technical Overview
A detailed and technical look at the Okta PassBleed risks related to password stealing and user impersonation.
Payroll Fraud: Analyzing the Attack Lifecycle of a Direct Deposit Scam
Learn how direct deposit payroll fraud occurs and how to identify the signals available in audit logs to support threat hunting & detection.
Importance of Continuous Monitoring and Automated Threat Testing for SaaS
The harsh reality is that the security tools that the vast majority of companies
How SaaS Security Became One Of The Most Overlooked Threats In The Enterprise
AppOmni CEO Brendan O’Connor discusses why SaaS security continues to lag far behind security for other types of technology…
AppOmni Raises $70M to Find & Secure Vulnerabilities in SaaS App Stacks
AppOmni—which has built a platform not just to connect with and secure SaaS apps, but to seek out and help fix vulnerabilities…
The AppOmni SaaS Security Checklist
The AppOmni SaaS Security Checklist contains seven key categories and is a guide for organizations looking to build successful…
AppOmni Research Discovers Major Security Misconfiguration Impacting ServiceNow and Other SaaS Instances
Major security misconfiguration impacting ServiceNow and other SaaS instances discovered; nearly 70% of tested instances are leaking data.
The Growing Importance of SaaS Security
As more valuable data is processed using SaaS, hackers will increasingly target these applications to breach sensitive data.
Learning from the State of Washington’s Data Breach
It’s not surprising to hear about another data breach in the news, especially one involving a large SaaS deployment like the State of Washington announced
7 Steps to Stronger SaaS Security
Continuous monitoring is key to keeping up with SaaS changes, but that’s not all you’ll need to get better visibility into your SaaS security.
SaaS misconfigurations lead to cybersecurity incidents
The Cloud Security Alliance (CSA) found that 43% of orgs have dealt with one or more security incidents caused by a SaaS misconfiguration…
Rethinking Data Security for SaaS Platforms and Applications
Despite enterprise best efforts, data security (especially in cloud services) continues to be a growing risk. Traditional processes and solutions haven’t been…
How to Avoid Introducing Salesforce Security Vulnerabilities When Building Custom Lightning Components in Apex
This is a follow up to an article and blog post AppOmni Offensive
Salesforce Guest User Log Analysis
In early October 2020, Security Researcher Aaron Costello, now offensive security engineer at AppOmni, published an influential blog detailing
3rd Party Risk in Salesforce Named Credentials
This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue of hardcoded credentials
Salesforce Lightning Components-A Treatise on Apex Security
This article will describe the architecture of Lightning Aura components, how a call to an Apex method with parameters.
Pentests Often Miss 6 Critical SaaS Security Issues. Here’s Why.
While pentests do offer significant value to security organizations, they also have some notable drawbacks that must be…
How Third-Party Apps Can Compromise The Security Of SaaS Environments
The risks from 3rd party apps have always been a concern for security teams. The SolarWinds breach is an example of…
A Guide to SaaS Security Posture Management
In this guide, we’ll examine the unique security challenges associated with SaaS and the need for a new category of products to manage SaaS since
Common Security Practices Don’t Fully Protect Today’s Enterprise SaaS Platforms
Enterprises are investing in SaaS at a record high with Gartner estimating that 95 percent of new enterprise applications purchases are cloud-based. At the same time, SaaS
Securing SaaS Apps with an Expanded and Remote Workforce
Enterprises are fast-tracking their adoption of remote work technologies. Leveraging SaaS to enable this transition allows enterprises to overcome the hurdles associated with…
Treating SaaS as the Critical Infrastructure it is
Enterprise applications support the vital activities of every line of business within an organization. Despite the importance and growing reliance on these apps…
Data Security in the SaaS Age
SaaS is rapidly becoming critical infrastructure for many companies. Despite enterprise best efforts, data security (especially in cloud services) continues to be a growing risk.
A Comparison of SaaS Data Security and Open S3 Buckets
S3 draws its strength from the sheer speed, fluidity, and volume with which it handles data. The same can be said of the SaaS applications
SaaS Security Best Practices in #WFH World
For enterprise IT leaders looking to secure their at-home workforce in a SaaS-driven world, a number of best practices can help to move the needle…