The Leader in SaaS Security Threat Research
AppOmni’s expert cybersecurity researchers discover, analyze, and disclose SaaS risks and vulnerabilities to strengthen the AppOmni platform and promote SaaS security best practices.
-
New Research on Salesforce Industry Clouds: 0-days, Insecure Defaults, and Exploitable Misconfigurations
AppOmni’s latest research reveals 20+ OmniStudio security flaws, including 5 CVEs affecting Salesforce industry clouds. Learn how misconfigurations expose sensitive data and how to secure your org.
-
Low-Code, High Stakes: Why Security Can’t Be an Afterthought for Customers Using Salesforce Industry Clouds
New research reveals critical security flaws in Salesforce industry clouds. Discover the risks and how to protect your organization now.
-
Microsoft Power Pages: Data Exposure Reviewed
Learn about a data exposure risk in Microsoft Power Pages due to misconfigured access controls, highlighting the need for better security and monitoring.
-
Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered
Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.
-
Potential Widespread Data Exposure Analysis: Oracle NetSuite
Read the blog for an analysis of the potential data exposure in Oracle NetSuite, with a thorough look at the NetSuite access control model, basic SuiteCommerce concepts, and more.
-
Salesforce Community Cloud Scanner
Learn how to secure your Salesforce Community websites from data exposure risks with support from the AO Labs threat research team.
-
SaaS Risks in Healthcare: Anatomy of a Data Exposure at the HSE
SaaS Security Engineer Aaron Costello explains how to handle sensitive data in SaaS apps, as learned from misconfiguration in Ireland’s vaccination portal (HSE).
-
Balancing Act: Navigating the Advantages and Risks of ServiceNow’s New Security Attributes
Security Attributes offer an alternative method for access control via role definitions, designed to be human-readable and offer detailed auditing and logging.
-
A Technical Analysis and Lessons From The Recent Service Now Misconfiguration Risks
Learn more about the ServiceNow updates to mitigate ACL misconfiguration risks and how to avoid regressing your organization’s data security posture moving forward.
-
Admin Account Takeover Leads to Full SSO Compromise During AO Labs Research
Discover how AO Labs achieved read/write access of over 200K users & staff on a leading service provider’s Okta instance.
-
Salesforce Misuse of Platform Cache Leads to Widespread Data Exposure
Learn how Salesforce Platform Cache misuse is causing information disclosure in over 80% of implementations handling sensitive data.
-
AO Labs Notes An Over 300% Increase in SaaS Attacks
Learn about the significant upward trend in threat activity on Salesforce Community Sites targeting customer-side misconfigurations.
-
Major Security Misconfiguration Impacting ServiceNow and Other SaaS Instances Discovered
Major security misconfiguration impacting ServiceNow and other SaaS instances discovered: nearly 70% of tested instances are leaking data.
-
Avoid Salesforce Security Vulnerabilities When Building Custom Lightning Components in Apex
Lightning Components offer an unlimited amount of functionality. But security vulnerabilities may be introduced within Apex code and exploited by a malicious actor.
-
Third-Party Risk in Salesforce Named Credentials
This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue of hardcoded credentials within an organization’s Apex codebase.
-
Understanding Salesforce Flows and Common Security Risks
Discover how Salesforce Flow Builder simplifies process automation and the key security risks and permission pitfalls to address for safe implementation.
-
Salesforce Lightning Components
Get to know the architecture behind Lightning Aura components and learn how a call to an Apex method with parameters.