DigitSec | Salesforce Security Scanner & Penetration Testing

Latest News

Here’s the latest and greatest of what’s happening at DigitSec

PCI for Commerce Cloud

We’ve mapped out how DigitSec S4 can assist with executing PCI DSS compliance requirements for Salesforce Commerce Cloud.

Security Blind Spots #2

Our CEO, Waqas & Rachel Beard, Distinguished Security Technical Architect at Salesforce discuss insider threats, data exfiltration & more on 8/30.

Case Study

By using S4’s powerful Salesforce security scanners, InCountry saved over 1000 dev hours and released their app ahead of schedule.

"You build on Salesforce and we help secure it so that you can innovate with confidence."

- Waqas Nazir, DigitSec Founder & CEO

Security is a Shared Responsibility

Because of the Shared Responsibility Model, protecting your data is a JOINT responsibility between you and Salesforce. Salesforce is quite secure when initially deployed. But as soon as you customize it, you’re responsible for any security risks you create.

Salesforce's Responsiblity

Your Responsibility

Custom Code
3rd-Party Libraries
Configurations
Installed Cartridges
User Accounts & Permissions
Device Security
Compliance requirements
PII and Other Data

"Salesforce's shared security model means that companies also have to apply their own vigilance and protection. It's critical to use tools like DigitSec S4 to secure your Salesforce org, and to integrate them tightly into the development lifecycle."

- Andrew Davis, Senior Product Director at Copado

"We Added Security to Our Development Process"

“We take security at Hanna Andersson very seriously and wanted to implement consistent security controls for our custom development on Salesforce Commerce Cloud. DigitSec’s security solution enabled us to bake security into our development process. Our technical team found DigitSec easy to integrate into our processes for automated security testing. DigitSec’s support was unmatched and it is great to have DigitSec as a partner in our security journey.”

– Shay Reddy, Senior Director, Infrastructure & Cyber Security

"We Accelerated Salesforce Security"

“Due to the streamlined security testing in our development pipeline, InCountry ran S4 four times daily, with each and every release commit. This empowered our developers to remediate application security bugs minutes after coding them. The quick cycle of finding vulnerabilities and fixing them on the same day was key to accelerating our SDLC and at the end of day, our app’s secure deployment in the AppExchange.”

– Renne’ Devasia, InCountry Chief Compliance & Security Officer

Why DigitSec for Salesforce Security?

Secure your code, libraries, apps & Org with one solution.

Accelerate deployment by reducing false positives.

Empower developers & admins to fix vulnerabilities.

Establish DevSecOps in the CI/CD pipeline to reduce risk.

"DigitSec S4 helps to redefine how DevSecOps can work efficiently in CI/CD pipelines by automating what were once difficult and manual tasks."

- Frank J. Ohlhorst, eWeek

Unparalleled
Technology

S4 is the only comprehensive Salesforce security scanner that performs four targeted & integrated scans, including penetration testing, designed to work together:

• Static Source Code Analysis (SAST)
• Interactive Runtime Testing (IAST)
• Software Composition Analysis (SCA)
• Cloud Security Configuration Review

Click here to learn more.

Security & Trust

DigitSec is a Registered Salesforce ISV Partner

Partners

Compliance

Security

CRUD/FLS Flaws (Authorization Bypass)
Reflected Cross-site Scripting (XSS)
Stored Cross-site Scripting (XSS)
DOM Based Cross-site Scripting (XSS)
Lightning Components Security (DOM, XSS, CRUD)
SOQL & SOSL Injection
Cross-site Request Forgery (CSRF)

Common Vulnerabilities and Exposures (CVE)
Weak Session Management
Weak Integration Endpoints (Remote sites, CSP, CORS)
Weak Password Controls
Clickjacking Attacks
Access Control (Excessive Permissions)
Weak Cryptography

Have questions about your Salesforce security?

Feel free to contact us anytime about your Salesforce security scanning and penetration testing needs.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.