s4 - SaaS Security Scanner for Salesforce

S4 - SaaS Security Scanner for Salesforce (S4), is a security tool developed by DigitSec, Inc. that protects Salesforce organizations from hackers and data breaches. S4 does this by utilizing static code analysis and runtime testing to identify threats and vulnerabilities in Apex code written in the Force.com development environment. As the leading SaaS application security provider, S4 is committed to providing scans which are both robust and thorough. In accordance with that, S4 can be easily scaled out for large organizations and provides Proof of Concept (PoC) exploits for all injection flaws uncovered.

Being proactive and utilizing S4 before it was too late

One of the world’s largest telecommunication companies reached out to DigitSec, Inc. in June 2018. While they had not suffered from a large-scale data breach in the past, they knew their globally recognized name and annual revenue put a target on their back. The company did not want to become another scandalous news story and vowed to be proactive in securing their Salesforce data. This mentality prompted the Application Security Team to run S4 and evaluate the overall security health of their Salesforce.


$57 - $109 Billion

The amount of money the U.S. government estimates the American economy lost from cyber attacks in 2016.


$3.86 Million

The average cost of a data breach to companies worldwide (according to a 2018 study by the Ponemon Institute for IBM).

Right from the start, S4 uncovered a vast number of threats and vulnerabilities in the company’s Apex code and overall Salesforce environment. These threats included insecure API access, a red flag which if ignored, could have led to a massive data breach containing financial information such as credit card numbers and bank account numbers. For a company committed to prioritizing their customers’ data, S4 had made a startling discovery.

Integrating S4 into their everyday workflow

Once the company realized the level of positive impact S4 had on their overall Salesforce security health, they decided to take their use of the tool to the next level. Now, before any code in their Salesforce environment is pushed to production, the company has S4 run a comprehensive security scan. This way any security bugs are caught immediately, and not after changes have been shipped to production.

For any other Salesforce security scanner, running a comprehensive security scan this frequently would not be feasible for large code bases. It would simply take too long and push development behind schedule. S4 though, is fast and efficient. Due to its unique application of static code analysis and runtime testing, S4 can rapidly identify threats and vulnerabilities in any size Salesforce environment.


How S4 has impacted the company’s Salesforce security health

Due to the company’s regular use of S4 and the tool’s robust ability, the company has been able to protect over $120 million worth of orders processed through Salesforce from hackers and other threats. Moving forward, they will continue to use S4 in their day-to-day development on Salesforce. The company is committed to keeping their customers’ data safe and have found S4 to be the perfect tool in helping make that happen.

Engagement overview


Over $120 million worth of orders processed through Salesforce protected


Expert remediation recommendations provided for each threat


1 less company at risk from an attack on their Salesforce data

Digisec logo 5x7in.png