Resources

A collection of datasheets, whitepapers, case studies, guides, videos, and other materials.

Case Studies

Platinum7 Protects client Salesforce Data

Hanna Andersson Protects Their Brand

incountry saves 1000 dev hours

Software Leader Accelerates SEcurity

Stopping Hackers In Thier Tracks

IGNORANCE IS NOT BLISS

PROACTIVE SALESFORCE SECURITY

Whitepapers

DATASHEET

DigitSec Security Scanner for Salesforce

WHITEPAPER

DigitSec DevSecOps for Salesforce

Low Code, No Code

Managing Security Risk in a
Low Code, No Code World

Compliance

PCI For
Commerce Cloud

NIST Compliance

PCI Compliance

HIPAA & HITECH Compliance

GDPR Compliance

ISO 27001 Compliance

APPI Compliance

SOX Compliance

Videos

Play

FAQ

Top 10 Most Frequently Asked Questions:

1.) I thought Salesforce handled security. They have lots of really smart developers and engineers, isn't their product already secure?

It’s important to understand the Shared Responsibility model for Software as a Service products. As a provider, Salesforce is responsible for security on the day you log in for the first time. They manage the servers, the application and the network. But they also provide an amazingly flexible tool that can adapt to your business needs. That means that as you make modifications and changes, the responsibility for the security of your users, your code, and your data all belong to you. Any modification has the potential to create risk.

2.) How does your product integrate to help my team perform DevSecOps best practices?

Your developers benefit by integrating DigitSec directly into tools that they already rely on to do their jobs. DigitSec has plug-ins for IntelliJ compatible Integrated Development Environments and Visual Studio Code, one of the most popular open-source IDEs.

We also have integrations for JIRA and Jenkins to help manage bug tracking and deployment. DigitSec integrates directly with tools your team may already be using as part of your DevOps process.

Finally, DigitSec provides an Analytics Dashboard to give your team an overview of critical vulnerabilities tagged by risk level. Drill down to see each finding, a description of the vulnerability, a stack trace of the code, and guides to resolving the issue.

Our tool leverages 20 years of cybersecurity experience and integrates directly into tools your DevOps team already relies on.

3.) I want to make sure my Salesforce data is secure, but we don’t do any custom coding for our Salesforce Org. Can I still benefit from using DigitSec?

If you download apps from Salesforce AppExchange or if you’ve just done some Salesforce configuration changes, DigitSec can be a valuable ally to make sure your organization isn’t accidentally creating vulnerabilities in your user permissions and privileges. Too often, permissions to users and integrated apps are granted too broadly leading to critical vulnerabilities.

4.) Our team already integrates code scanners into our process. How is DigitSec different?

Our Source Code Analysis Scan (SAST) creates a foundational set of findings of critical vulnerabilities. Code scanning alone can generate a substantial number of false-positives and miss other types of vulnerabilities. Chasing down false-positives is a waste of time and degrades productivity and security. We feed our SAST findings into our custom runtime testing engine that aligns your Salesforce org with your code and tests for injection flaws and hidden vulnerabilities. Each SAST finding is validated as a true-positive by demonstrating a proof-of-concept exploit in our reports. The result is faster development and reduced risk.

5.) How much does it cost to run a scan?

6.) Isn’t there already a Salesforce Security Center?

The Salesforce Security Center is for auditing access control and managing policies for users. It does not provide security warnings and it does not do SAST or IAST code scanning.

7.) How can I evaluate whether DigitSec is right for my team?

We offer a free trial period that allows you to integrate DigitSec with your Salesforce org and your DevSecOps team. It can be set up in under 10 minutes and doesn’t require security expertise. You can see how quickly, easily and seamlessly DigitSec integrates into your processes and see how vulnerable you are right away. We limit our trial functionality by only providing top level summary reports, rather than the detailed, per bug true-positive and exploit proof-of-concepts. Contact us after your first scan to review your report in detail.

8.) How can I work with my company’s C-Suite to help them understand security threats?

Many companies believe falsely that because they contract for Software as a Service, that the provider wholly is responsible for security. That’s not correct, it’s a shared responsibility between the consumer and the provider. C-Suite Execs need to understand that if they accidentally or mistakenly expose their data, SalesForce, or any SaaS provider, is not responsible. We see a lot of best practices connected to compliance regimes like HIPAA, PCI and AAPI. Being able to represent that your environment is compliant can drive sales. Remember, SalesForce contains the most valuable information in your company: all of your customer information and all of your deal flow.

9.) How likely is it that my Salesforce Org has vulnerabilities?

Out of the box, Salesforce is secure and compliant with a lot of privacy and security regimes. But, as you configure it and customize it, there is a potential to introduce hundreds if not thousands of vulnerabilities. If you have had your Salesforce org for more than a couple of years and have done any kind of customization or configuration, it’s likely that you have security vulnerabilities.

10.) When I integrate with Copado, can I view the results of my DigitSec scans directly in my Copado flow report?

Yes, DigitSec extends the value of every Copado license by empowering every developer to integrate security scans into their workflows. Once a scan is complete, you can access summary findings or drill down into the Results Object to find details and remediation guides.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.