At the June 2017 Open Web Application Security Project (OWASP) meetup in Seattle, WA., CEO of DigitSec, Waqas Nazir, spoke to attendees about the exploitation and security of SaaS applications.
Today, SaaS applications have found their way into the heart of most modern enterprises. Companies that rely on SaaS applications typically don’t focus on their security due to the assumptions that the platform provider has already deployed proper security controls.
In this talk, Waqas presented examples of attack vectors and exploitation techniques which are especially applicable to SaaS platforms that allow customizations such as Salesforce's Force.com. He also discussed the need to utilize smart assessment methodologies when assessing the security posture of SaaS applications, as conventional methods sometimes don’t apply to SaaS providers.
Learn more about OWASP and get information about their Meetup chapter here: