DigitSec | Salesforce Security Scanner & Penetration Testing

Latest News

Here’s the latest and greatest of what’s happening at DigitSec

Salesforce Input Evils

Watch Salesforce security experts from DigitSec and WithSecure discuss the evils of cloud inputs and what you can do to protect your data.

Salesforce App Sec

Our Salesforce Application Security Guide contains expert opinions and stories of innovation designed to help leaders better secure Salesforce.

Platinum7 Case Study

Learn how Platinum7 helps protect client Salesforce data using automated security scanning as a main tool in their detailed security assessments.

Data Leakage

KrebsOnSecurity found “a shocking number of organizations” are experiencing data leakage from their Salesforce Community sites.

"Salesforce's shared security model means that companies also have to apply their own vigilance and protection. It's critical to use tools like DigitSec to secure your Salesforce org, and to integrate them tightly into the development lifecycle."

- Andrew Davis, Senior Product Director at Copado

Security is a Shared Responsibility

Because of the Shared Responsibility Model, protecting your data is a JOINT responsibility between you and Salesforce. Salesforce is quite secure when initially deployed. But as soon as you customize it, you’re responsible for any security risks you create.

Listen to what Andy Ognenoff from Accenture has to say about the Shared Security Model.

Salesforce's Responsiblity

Your Responsibility

Custom Code
3rd-Party Libraries
Configurations
Installed Cartridges
User Accounts & Permissions
Device Security
Compliance requirements
PII and Other Data

"DigitSec helped us through the Salesforce AppExchange security review process. It is a good product and [it's] beneficial in the security review process as well as helping us remain compliant in the continuous development arena."

- Dan Szymczak, Senior Director, Product at Engaging Networks

"We Added Security to Our Development Process"

“We take security at Hanna Andersson very seriously and wanted to implement consistent security controls for our custom development on Salesforce Commerce Cloud. DigitSec’s security solution enabled us to bake security into our development process. Our technical team found DigitSec easy to integrate into our processes for automated security testing. DigitSec’s support was unmatched and it is great to have DigitSec as a partner in our security journey.”

– Shay Reddy, Senior Director, Infrastructure & Cyber Security

"We Accelerated Salesforce Security"

“Due to the streamlined security testing in our development pipeline, InCountry ran S4 four times daily, with each and every release commit. This empowered our developers to remediate application security bugs minutes after coding them. The quick cycle of finding vulnerabilities and fixing them on the same day was key to accelerating our SDLC and at the end of day, our app’s secure deployment in the AppExchange.”

– Renne’ Devasia, InCountry Chief Compliance & Security Officer

Automation & Accuracy Saves Time, Money & Resources

Automated scanning means faster and more thorough detection.
Do more with less resources through automation.
Four powerful scans and over 120 custom rules means more accuracy
More accurate results means less time spent on false-positives and non-applicable issues.
Save development time, deploy faster, and release more securely.

"DigitSec helps to redefine how DevSecOps can work efficiently in CI/CD pipelines by automating what were once difficult and manual tasks."

- Frank J. Ohlhorst, eWeek

Unparalleled
Technology

DigitSec is the only comprehensive Salesforce security scanner that performs four targeted & integrated scans, including penetration testing, designed to work together:

• Static Source Code Analysis (SAST)
• Interactive Runtime Testing (IAST)
• Software Composition Analysis (SCA)
• Cloud Security Configuration Review

Click here to learn more.

Security & Trust

DigitSec is a Registered Salesforce ISV Partner

Partners

Compliance

Security

CRUD/FLS Flaws (Authorization Bypass)
Reflected Cross-site Scripting (XSS)
Stored Cross-site Scripting (XSS)
DOM Based Cross-site Scripting (XSS)
Lightning Components Security (DOM, XSS, CRUD)
SOQL & SOSL Injection
Cross-site Request Forgery (CSRF)

Common Vulnerabilities and Exposures (CVE)
Weak Session Management
Weak Integration Endpoints (Remote sites, CSP, CORS)
Weak Password Controls
Clickjacking Attacks
Access Control (Excessive Permissions)
Weak Cryptography

Have questions about your Salesforce security?

Feel free to contact us anytime about your Salesforce security scanning and penetration testing needs.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.