Join WiCyS Minnesota’s Jessa Gegax as she presents at BSides Austin on Salesforce Snafus: Unveiling and Exploiting Security Misconfigurations Using Commonly Used Widgets. 

This talk explores how to leverage the nooks and crannies of Salesforce to find and abuse misconfigurations that chain together and create serious vulnerabilities that leak sensitive data to adversaries. It highlights that security concerns still exist on applications built on a well-known CRM tool with declarative or “point-and-click” development, where to discover them, and how they can be remediated. It provides a real-world scenario of using various Salesforce widgets to find security vulnerabilities like Insecure Direct Object References (IDORs) and Broken Authorization as a means of stealing sensitive client information. It offers solutions for detection and prevention for these elevated attacks that relate to common security best practices. At the end of this discussion, you will walk away with better awareness of the vulnerabilities existing in Salesforce, how they can be discovered, remediated, then prevented. You may even learn a new trick or two on how to think like a hacker when building your company’s next communication tool!

The very first BSides in Austin was organized in 2010 by Jack Daniel and Ben Tomhave. This was the fourth BSides ever to be held, and it had about 30 attendees. In 2011, Michael Gough stepped up and took over organization of our local event. Even as he continued to manage the BSides Austin events through 2015, Michael also helped kick off BSides Texas in 2012, and was heavily involved in BSides throughout Texas (including Dallas, San Antonio and Houston). Matt and Janice have been running BSides Austin since 2016. BSides Austin has grown in that short time into a two-day event with around 750 participants. Our goal is to continue providing a fantastic event with great content and training for the information security community.

Register HERE