Threat Update 60 - Abusing Public Salesforce APIs for Fun & Profit

APIs are designed to facilitate programmatic access for application integrations and data sharing, but simple access misconfigurations in critical solutions like Salesforce can allow attackers to inappropriately access sensitive contacts, records, and more.
Kilian Englert
Last updated February 11, 2022

Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss how these API misconfigurations occur, and some tools attackers use to exploit them.

Please visit https://www.varonis.com/blog/abusing-salesforce-communities/ to learn more about this topic.
