S4 for Salesforce reviews the configurations of a Salesforce org and identifies flaws.
S4 uses a robust client-side static code analysis engine to build call flows and identify CRUD/FLS flaws. It uses data flow analysis to associate Visualforce components with their controllers. This information is then used by a white-box fuzzer to identify injection vulnerabilities.
S4 uses white-box fuzzing to rapidly identify injection flaws within Force.com code. All vulnerabilities identified during run-time testing contain Proof of Concept (PoC) exploits. This ensures there are no false positives.
S4 launches the custom fuzzer in the installed organization and can be scaled out to as many organizations as needed. All code analyzed remains within the organization, preserving the intellectual property of the code base.
You don’t need an expert to run S4. With one click, you get an Application Security Report composed of detailed findings.
Each finding is prioritized based on risk and impact to data.
S4 produces clear guidance on how to effectively fix findings.