Salesforce DevSecOps is in State of Arrested Development
In case you missed our founder’s April article in Security Boulevard, here are a few highlights:
“…when Salesforce is modified to streamline data access and boost business productivity, its attack surface grows, increasing the risk of breach and violating the initial compliance status.”
“In my years of penetration testing SaaS applications, I’ve discovered most customized deployments have high-risk vulnerabilities hiding in them.”
“Salesforce vulnerabilities are hard to detect because…general-purpose application security testing solutions don’t address the unique vulnerabilities created by SaaS customization and development.”
“Protecting user data is the joint responsibility of Salesforce and its users, but Salesforce is not responsible for any security vulnerabilities created by user development and customization. Users must validate and fix any vulnerabilities they introduce if they wish to maintain a secure and compliant Salesforce environment.”
As a leading world expert on Salesforce DevOps vulnerabilities, Waqas Nazir is among the first to call out the Salesforce “arrested development” problem. Of course, you can read the entire article here, including Waqas’ list of top dev-related vulnerabilities to look out for.