Platform

S4 for Salesforce – our patented SaaS Security Scanner™ platform – automatically assesses Salesforce security posture with continuous full-spectrum coverage: source code analysis (SAST), software composition analysis (SCA), custom runtime testing (IAST), and cloud security configuration review. It integrates easily with your Salesforce DevOps pipeline.


Our static application security testing (SAST) engine is a core feature of S4. It provides automated scanning and analysis of all custom source code in your Salesforce Org, including Apex, VisualForce, Lightning Web Components, and related JavaScript, and identifies security vulnerabilities in the code that could be exploited. S4 SAST scans can also be initiated from your favorite IDE (e.g. VS Code or IntelliJ), aimed at your remote code repositories via Git (e.g. GitHub, GitLab, Bitbucket), or directed to your Salesforce sandbox or production environment.


Based on its SAST scan, S4 then generates a custom runtime testing engine specific to your Salesforce Org, which rapidly identifies injection flaws during interactive application security testing (IAST). All runtime vulnerabilities contain proof-of-concept exploits, significantly reducing false positives in your report, as S4 reports only those runtime vulnerabilities that can be executed and verified.


Third-party software libraries are integral components of nearly all Salesforce apps. These referenced software libraries must be updated or replaced when security vulnerabilities are discovered and publicly reported; otherwise, your Org is at risk of breach from these known supply-chain security exploits. Our software composition analysis scanner reports any Common Vulnerabilities and Exposures (CVE) found in a Salesforce org. Almost every developer relies on outside libraries to get the job done and even if something is secure today, it may be vulnerable tomorrow. Efficient and constant vigilance is required. S4’s Software Composition Analysis scans deliver.


S4 thoroughly reviews your Salesforce org configuration settings against a known list of Salesforce misconfigurations (e.g. content security policy, password settings, access controls, clickjacking) to support security and privacy compliance in many global standard frameworks including GDPR, ISO27001, PCI-DSS, GLBA, APPI and HIPAA.

Salesforce contains an enterprise’s most sensitive data, from customer personally identifiable information (PII) to key opportunity deal flow, as well as API connections into core backend systems. While annual assessments & penetration tests are a good baseline, new vulnerabilities surface daily. Only continuous and automated coverage can keep you fully aware of your Salesforce security posture and assured of meeting your compliance requirements.

Reporting

Always-on protection. Unlimited applications, scans and lines of code.

S4 for Salesforce - Application Security Assessment Report

After its four deep scans, S4 generates a comprehensive security assessment report. All the vulnerability findings, including remediation suggestions, can easily be integrated into your CI/CD pipeline via the S4 Vulnerability API or Jira Connector.

Download an S4 Sample Report to see a few security vulnerability findings for yourself.

Integrations

Agile Planning, CI/CD, IDE, Code Repositories

Vulnerability Coverage

Purpose-Built for Salesforce DevSecOps with Comprehensive Coverage

S4 Compliance Coverage

S4 helps you stay compliant with GDPR, HIPAA, ISO-27001, PCI-DSS, GLBA, and APPI.


Plans & Pricing

We offer flexible annual or monthly plans based on the size of your codebase & metadata.

DigitSec recognizes that security requires constant vigilance. Our pricing model allows for an unlimited number of users with access to our scanning tools and reports as well as unlimited numbers of scans for each enrolled organization.

Major cyber attacks seem to capture the headlines almost every month, but there are also substantial numbers of attacks that go unreported, or worse, undetected. Loss of business momentum, reputational risk, loss of confidentiality and potential legal liability are only some of the impacts of a successful breach. The question truly becomes, how can you afford not to have a tool that regularly evaluates your Salesforce security posture and offers clear guidance on how to resolve vulnerabilities?
