An 8-Minute Video Tutorial
On April 15, 2022, GitHub published a security blog post identifying compromises in third-party integrations by Heroku, a division of Salesforce, and continuous integration provider Travis CI. The breach is still under investigation and specific causes and details aren’t yet available. But similar breaches caused by third-party apps connected to SaaS platforms via OAuth tokens are unfortunately very common.
AppOmni CEO Brendan O’Connor explains the risks businesses and enterprises face from OAuth tokens and third-party SaaS applications in this 8-minute video.
How many third-party apps are connected to SaaS platforms?
AppOmni’s research has found that on average, organizations have 42 third-party applications connected to their enterprise SaaS platforms. These consist of large, well-known applications—such as marketing automation or e-signing—as well as apps from small, lesser-known companies. Third-party SaaS apps can be installed by users at will, and each app introduces an entirely new attack surface. More than half of the connected apps in our data set were installed by end users, as opposed to security or IT teams.
How do OAuth tokens work?
Many third-party applications connect to SaaS platforms via OAuth tokens. Unlike a user signing in to a SaaS environment, an app holding an OAuth token does not have to re-authenticate through the identity provider after the initial grant. Instead, a user authorizes the app, and the token the app receives carries that user's access rights into the SaaS platform. Once the app has access to the platform and its data via OAuth, it keeps that access indefinitely until the token is revoked. If an organization doesn't actively manage its OAuth tokens, its SaaS ecosystem likely contains many third-party apps that are no longer used but still hold access to sensitive data.
To reduce this risk, security teams need continuous visibility into which third-party apps are connected to their SaaS platforms, need to understand the level of data access each app has been granted, and need to monitor their SaaS ecosystem on an ongoing basis so that access for unused apps is revoked.
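One way to put the review described above into practice, as an added example that is not part of the original post and not AppOmni's own code: a short Python script that runs over a constructed inventory of OAuth grants and classifies each one as keep, review or revoke based on idle time, scope privilege and who installed the app. The app names, scope names, dates and the `installed_by` labels are all made up for the example; real SaaS platforms expose this data through their own admin APIs and use their own scope vocabularies, so the `HIGH_PRIVILEGE_SCOPES` set is an assumption to be mapped onto the platform being inventoried.

```python
"""Stale / over-privileged OAuth grant review (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Fixed "current time" so the review is reproducible; a real run would use
# datetime.now(timezone.utc).
NOW = datetime(2022, 4, 15, tzinfo=timezone.utc)

# Scope names treated as high-privilege here. Illustrative only: every SaaS
# platform has its own scope vocabulary, so map this set to the platform you inventory.
HIGH_PRIVILEGE_SCOPES = {"full", "api", "refresh_token", "write"}


@dataclass(frozen=True)
class OAuthGrant:
    app: str
    installed_by: str                 # "end_user" or "it_admin" (constructed labels)
    scopes: tuple
    granted_at: datetime
    last_used_at: Optional[datetime]  # None means the token has never been exercised


def is_stale(grant: OAuthGrant, now: datetime, max_idle_days: int = 90) -> bool:
    """A grant is stale if it has not been used within max_idle_days.
    A token that was never used is measured from the day it was granted."""
    last_activity = grant.last_used_at or grant.granted_at
    return (now - last_activity) > timedelta(days=max_idle_days)


def privilege_level(grant: OAuthGrant) -> str:
    """'high' if any granted scope is in the high-privilege set, else 'limited'."""
    return "high" if set(grant.scopes) & HIGH_PRIVILEGE_SCOPES else "limited"


def classify(grant: OAuthGrant, now: datetime, max_idle_days: int = 90) -> dict:
    """Decide what to do with one grant. Unused access is revoked regardless of
    privilege; active high-privilege grants installed by end users get a human review."""
    stale = is_stale(grant, now, max_idle_days)
    priv = privilege_level(grant)
    if stale:
        action = "revoke"
    elif priv == "high" and grant.installed_by == "end_user":
        action = "review"
    else:
        action = "keep"
    return {"app": grant.app, "privilege": priv, "stale": stale, "action": action}


def review_grants(grants, now=NOW, max_idle_days=90):
    """Classify every grant and order the output so revocations come first."""
    order = {"revoke": 0, "review": 1, "keep": 2}
    findings = [classify(g, now, max_idle_days) for g in grants]
    return sorted(findings, key=lambda f: (order[f["action"]], f["app"]))


def summarize(findings) -> dict:
    """Count findings per action, the number a team would track over time."""
    counts = {"revoke": 0, "review": 0, "keep": 0}
    for f in findings:
        counts[f["action"]] += 1
    return counts


def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed inventory in the shape an admin export of connected apps typically has.
SAMPLE_GRANTS = [
    OAuthGrant("E-Signing Connector", "it_admin", ("api", "refresh_token"), _d(2021, 1, 10), _d(2022, 4, 14)),
    OAuthGrant("Marketing Automation", "end_user", ("api", "full"), _d(2021, 6, 1), _d(2022, 4, 10)),
    OAuthGrant("Old Slide Exporter", "end_user", ("read",), _d(2020, 3, 5), _d(2021, 11, 1)),
    OAuthGrant("Trial Analytics", "end_user", ("full",), _d(2021, 12, 1), None),
    OAuthGrant("Calendar Sync", "it_admin", ("read",), _d(2022, 2, 1), _d(2022, 4, 13)),
]

if __name__ == "__main__":
    results = review_grants(SAMPLE_GRANTS)
    for f in results:
        print(f"{f['action']:7} {f['app']:22} privilege={f['privilege']} stale={f['stale']}")
    print(summarize(results))
```

The idle threshold of 90 days and the never-used rule are the two knobs a team would tune: a token that was granted months ago and never exercised is exactly the forgotten access the post describes, and it surfaces as a revocation even though it has no usage history at all.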
