Join WiCyS Minnesota’s Jessa Gegax as she presents at BSides Chicago on Salesforce Snafus: Unveiling and Exploiting Security Misconfigurations Using Commonly Used Widgets.
This talk explores how to leverage the nooks and crannies of Salesforce to find and abuse misconfigurations that chain together and create serious vulnerabilities that leak sensitive data to adversaries. It highlights that security concerns still exist in applications built on a well-known CRM tool with declarative or “point-and-click” development, where to discover them, and how they can be remediated. It provides a real-world scenario of using various Salesforce widgets to find security vulnerabilities like Insecure Direct Object References (IDORs) and Broken Authorization as a means of stealing sensitive client information. It offers solutions for detecting and preventing these elevated attacks that relate to common security best practices. At the end of this discussion, you will walk away with better awareness of the vulnerabilities existing in Salesforce and how they can be discovered, remediated, and then prevented. You may even learn a new trick or two on how to think like a hacker when building your company’s next communication tool!
BSidesChicago is where the heart of hacking and infosec beats the loudest in the Chicagoland area! This isn’t just another conference—it’s a vibrant, diverse, and inclusive community of enthusiasts from every corner of the cybersecurity world, coming together to ignite ideas, share knowledge, and push the boundaries of what’s possible.