Resources

Below is a collection of datasheets, whitepapers, case studies, guides, videos, and other materials.

Datasheets and Whitepapers

S4 DATASHEET

SaaS Security Scanner - S4 for Salesforce

S4 WHITEPAPER

DigitSec S4 - DevSecOps for Salesforce

Compliance

GDPR Compliance

HIPAA & HITECH Compliance

PCI Compliance

ISO 27001 Compliance

APPI Compliance

SOX Compliance

Case Studies

Stopping Hackers In Their Tracks

IGNORANCE IS NOT BLISS

PROACTIVE SALESFORCE SECURITY

FAQ

Top 10 Most Frequently Asked Questions:

It’s important to understand the Shared Responsibility model for Software as a Service products. As a provider, Salesforce is responsible for security on the day you log in for the first time: they manage the servers, the application and the network. But they also provide an amazingly flexible tool that can adapt to your business needs. That means that as you make modifications and changes, the responsibility for the security of your users, your code, and your data belongs to you. Any modification has the potential to create risk.

Your developers benefit by integrating S4 directly into tools that they already rely on to do their jobs. DigitSec has plug-ins for IntelliJ compatible Integrated Development Environments and Visual Studio Code, one of the most popular open-source IDEs.

We also have integrations for JIRA and Jenkins to help manage bug tracking and deployment. S4 integrates directly with tools your team may already be using as part of your DevOps process.

Finally, S4 provides an Analytics Dashboard to give your team an overview of critical vulnerabilities tagged by risk level. Drill down to see each finding, a description of the vulnerability, a stack trace of the code, and guides to resolving the issue.

Our tool leverages 20 years of cybersecurity experience and integrates directly into tools your DevOps team already relies on.

If you download apps from Salesforce AppExchange or if you’ve just made some Salesforce configuration changes, S4 can be a valuable ally to make sure your organization isn’t accidentally creating vulnerabilities in your user permissions and privileges. Too often, permissions for users and integrated apps are granted too broadly, leading to critical vulnerabilities.

Our Source Code Analysis Scan (SAST) creates a foundational set of findings of critical vulnerabilities. Code scanning alone can generate a substantial number of false-positives and miss other types of vulnerabilities. Chasing down false-positives is a waste of time and degrades productivity and security. We feed our SAST findings into our custom runtime testing engine that aligns your Salesforce org with your code and tests for injection flaws and hidden vulnerabilities. Each SAST finding is validated as a true-positive by demonstrating a proof-of-concept exploit in our reports. The result is faster development and reduced risk.

The Salesforce Security Center is for auditing access control and managing policies for users. It does not provide security warnings and it does not do SAST or IAST code scanning.

We offer a free trial period that allows you to integrate S4 with your Salesforce org and your DevSecOps team. It can be set up in under 10 minutes and doesn’t require security expertise. You can see how quickly, easily and seamlessly S4 integrates into your processes and see how vulnerable you are right away. We limit trial functionality to top-level summary reports, rather than the detailed, per-bug true-positive findings and exploit proof-of-concepts. Contact us after your first scan to review your report in detail.

Many companies falsely believe that because they contract for Software as a Service, the provider is wholly responsible for security. That’s not correct; it’s a shared responsibility between the consumer and the provider. C-Suite Execs need to understand that if they accidentally or mistakenly expose their data, Salesforce, or any SaaS provider, is not responsible. We see a lot of best practices connected to compliance regimes like HIPAA, PCI and APPI. Being able to represent that your environment is compliant can drive sales. Remember, Salesforce contains the most valuable information in your company: all of your customer information and all of your deal flow.

Out of the box, Salesforce is secure and compliant with a lot of privacy and security regimes. But as you configure and customize it, there is the potential to introduce hundreds if not thousands of vulnerabilities. If you have had your Salesforce org for more than a couple of years and have done any kind of customization or configuration, it’s likely that you have security vulnerabilities.

Yes, S4 extends the value of every Copado license by empowering every developer to integrate security scans into their workflows. Once a scan is complete, you can access summary findings or drill down into the Results Object to find details and remediation guides.