SaaS Security Threat Research - AppOmni

PRODUCT

Identify, protect, detect, and respond to SaaS and AI threats

The AppOmni Platform

Secure your mission-critical SaaS apps and agents in SaaS

Autonomous correlation and investigations of SaaS findings

GenAI SaaS security assistant

SaaS Compliance

Get audit-ready without the manual work

MANAGED SERVICES

Expert SaaS security without added headcount

SaaS and agentic AI threat hunting service

Expert-led support for SaaS and AI security

COMPANY

Safeguarding your SaaS

Who we are, learn our mission

How the world’s leading companies secure their SaaS & AI

Get answers on SaaS & AI security

Join the Team

Learn about career opportunities at AppOmni

AppOmni in the news

Trust Center

Protecting your data

Meet us in person

Featured Resources

The Leader in SaaS Security Threat Research

AppOmni’s cybersecurity expert researchers discovers, analyzes, and discloses SaaS risks and vulnerabilities to strengthen the AppOmni platform and promote SaaS security best practices.

AO Labs, Blog

Detecting ShinyHunters/UNC6040 Vishing Campaigns in Salesforce OAuth Attacks

Spot UNC6040 vishing attacks, secure OAuth apps, boost SaaS security with AppOmni’s Threat Detection.
AO Labs, Blog

Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice

OAuth abuse exposes SaaS data. AppOmni’s threat detection and security posture management shut it down.
AO Labs, Blog

Low-Code, High Stakes: Why Security Can’t Be an Afterthought for Customers Using Salesforce Industry Clouds

New research reveals critical security flaws in Salesforce industry clouds. Discover the risks and how to protect your organization now.
AO Labs

Salesforce Industry Clouds: 0-days and Exploitable Misconfigs

AppOmni’s latest research reveals 20+ OmniStudio security flaws, including 5 CVEs affecting Salesforce industry clouds. Learn how misconfigurations expose sensitive data and how to secure your org.
AO Labs, Blog

Microsoft Power Pages: Data Exposure Reviewed

Learn about a data exposure risk in Microsoft Power Pages due to misconfigured access controls, highlighting the need for better security and monitoring.
AO Labs, Blog

Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered

Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.
AO Labs, Blog

Potential Widespread Data Exposure Analysis: Oracle NetSuite

Read the blog for an analysis on the potential data exposure of Oracle NetSuite with a thorough understanding of NetSuite access control model, basic SuiteCommerce concepts and more.
AO Labs

Salesforce Community Cloud Scanner

Learn how to secure your Salesforce Community websites from data exposure risks with support from the AO Labs threat research team.
Blog

SaaS Risks in Healthcare: Anatomy of a Data Exposure at the HSE

SaaS Security Engineer Aaron Costello explains how to handle sensitive data in SaaS apps, as learned from misconfiguration in Ireland’s vaccination portal (HSE).
Blog

Balancing Act: Navigating the Advantages and Risks of ServiceNow’s New Security Attributes

Security Attributes offer an alternative method for access control via role definitions, designed to be human-readable and offer detailed auditing and logging.
AO Labs, Blog

A Technical Analysis and Lessons From The Recent Service Now Misconfiguration Risks

Learn more about the ServiceNow updates to mitigate ACL misconfiguration risks and how to avoid regressing your organization’s data security posture moving forward.
AO Labs, Blog

Admin Account Takeover Leads to Full SSO Compromise During AO Labs Research

Discover how AO Labs achieved read/write access of over 200K users & staff on a leading service provider’s Okta instance.
AO Labs, Blog

Salesforce Misuse of Platform Cache Leads to Widespread Data Exposure

Learn how Salesforce Platform Cache misuse is causing information disclosure in over 80% of implementations handling sensitive data.
AO Labs, Blog

AO Labs Notes An Over 300% Increase in SaaS Attacks

Learn about the significant upward trend in threat activity on Salesforce Community Sites targeting customer-side misconfigurations.
AO Labs, Blog

Major Security Misconfiguration Impacting ServiceNow and Other SaaS Instances Discovered

Major security misconfiguration impacting ServiceNow and other SaaS instances discovered nearly 70% of tested instances are leaking data.
AO Labs, Blog

Avoid Salesforce Security Vulnerabilities When Building Custom Lightning Components in Apex

Lightning Components offer an unlimited amount of functionality. But security vulnerabilities may be introduced within Apex code exploited by a malicious actor.
AO Labs, Blog

Third-Party Risk in Salesforce Named Credentials

This article provides an overview of Named Credentials, a feature introduced by Salesforce in the Spring ’15 release to combat the issue of hardcoded credentials within an organization’s Apex codebase.
AO Labs, Blog

Understanding Salesforce Flows and Common Security Risks

Discover how Salesforce Flow Builder simplifies process automation and the key security risks and permission pitfalls to address for safe implementation.
AO Labs, Blog

Salesforce Lightning Components

Get to know the architecture behind Lightning Aura components and learn how a call to an Apex method with parameters.