How S4 identified over 2000 vulnerabilities in a public tech company's Salesforce environment.
Identifying risks to data in Salesforce with S4
A public tech company known for its ability to manage digital transactions securely has been customizing and developing on Salesforce since 2008. When the General Data Protection Regulation (GDPR) came into effect in late May of 2018, the company's internal security team reached out to DigitSec, Inc. to perform a security scan of their entire Salesforce environment. They had previously relied on a third party to handle all of their Salesforce customizations, but were not sure whether that third party had followed security best practices during development. DigitSec, Inc. was chosen to perform the scan because S4 can analyze all code directly in the Salesforce organization.
Within hours of launching its security scan of the company's Salesforce environment, S4 identified over 2000 threats to their data. S4's speed and efficiency stem from its combination of static code analysis and runtime testing. Static code analysis builds call flows through the Apex code to identify CRUD/FLS flaws (queries and DML that run without checking the user's object and field permissions). Runtime testing uses white-box fuzzing to identify injection flaws. Each flaw identified is then backed up with a Proof of Concept (PoC) exploit to rule out false positives.
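As an added illustration (not S4's own code, nor code from the company in the case study), the two flaw classes named above in one Apex controller: a method with a SOQL injection and a missing CRUD/FLS check, beside its hardened form. The class and method names are assumptions.

```apex
// Added example, not code from S4 or from the company in the case study.
// Class and method names (ContactSearch, findUnsafe, findSafe) are assumed.
public with sharing class ContactSearch {

    // Flaw 1 (injection): the caller-supplied term is concatenated into a
    // dynamic SOQL string, so a crafted value can change the query structure.
    // Flaw 2 (CRUD/FLS): nothing checks that the running user may read
    // Contact or its Email field before the query returns those values.
    public static List<Contact> findUnsafe(String term) {
        String soql = 'SELECT Id, Email FROM Contact '
                    + 'WHERE LastName LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }

    // Hardened form: an explicit CRUD/FLS check first, then a bind variable
    // (:pattern) so the term is passed as data rather than parsed as SOQL.
    // "with sharing" on the class additionally enforces record-level sharing.
    public static List<Contact> findSafe(String term) {
        if (!Schema.SObjectType.Contact.isAccessible()
                || !Schema.SObjectType.Contact.fields.Email.isAccessible()) {
            throw new System.NoAccessException();
        }
        String pattern = '%' + term + '%';
        return [SELECT Id, Email FROM Contact WHERE LastName LIKE :pattern];
    }
}
```

A static analyser following the call flow into findUnsafe sees a query on Contact.Email with no preceding isAccessible() check, which is the CRUD/FLS pattern the text describes; the concatenated term is what runtime fuzzing exercises.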
S4 (SaaS Security Scanner for Salesforce) is a security tool developed by DigitSec, Inc. that protects Salesforce organizations from hackers and data breaches. S4 does this by using static code analysis and runtime testing to identify threats and vulnerabilities in Apex code written on the Force.com platform. As the leading SaaS application security provider, S4 is committed to providing scans that are both robust and thorough. To that end, S4 can be easily scaled out for large organizations and provides Proof of Concept (PoC) exploits for every injection flaw it uncovers.
S4 - SaaS Security Scanner for Salesforce
Stopping Hackers in Their Tracks
Failure to meet GDPR compliance can result in fines as large as £20 million or 4% of your company's annual global turnover - whichever
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the