DigitSec S4 Covers Salesforce Security Concerns with Innovative Tools

Welcome to DigitSec, a Seattle-based security software company, which is a founding member of the SalesforceDevops.net List of ISVs & Tools! DigitSec sells S4 for Salesforce, which is a SaaS platform for continuous application security testing. S4, which is short for SaaS Security Scanner, takes a comprehensive approach to Salesforce security with Static Source Code Analysis (SAST), Software Composition Analysis (SCA), Interactive Runtime Testing (IAST), and cloud security configuration review.

A More Complete Salesforce Security Solution

DigitSec S4 is easy to use and to buy. New customers subscribe to continuous scanning services and remediation reporting which may be integrated into orchestration pipelines. The DigitSec S4 platform then takes care of security services automatically.

External Package Threat Detection

To distinguish itself from the pack of SAST tools, DigitSec S4 offers additional security technologies and services covering activities that are sorely neglected in Salesforce devops workflows. To fill the gap, the platform uses software composition analysis, where all packages and external libraries used in a Salesforce app are checked for vulnerabilities.

Lurking security issues in many Salesforce orgs come from embedded vulnerabilities in Apex, Visualforce, and other Salesforce languages. And Lightning Web Components now draw on the JavaScript ecosystem, which is famously dependent on layers of frameworks and shared libraries. To mitigate these vulnerabilities, DigitSec S4 checks JavaScript, external packages, and other injected code for vulnerabilities.

Malware injection from external packages is a major concern, especially considering the SolarWinds and Codecov software supply chain hacks. DigitSec S4 addresses this growing security concern with software composition analysis.
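As an added illustration of the software composition analysis described above (example code written for this page, not DigitSec's or Salesforce's), the following JavaScript walks a constructed package-lock.json for a hypothetical LWC project, including nested transitive copies of a package, and cross-references each resolved version against a constructed advisory feed. The lockfile contents, package names, advisory identifiers, version ranges and severity ranking are all assumptions, and the identifiers are placeholders rather than real CVEs.

```javascript
// Added example (not DigitSec or Salesforce code): a minimal software
// composition analysis pass over the resolved JavaScript dependencies of an
// LWC project. The lockfile and advisory feed below are constructed.

// Constructed package-lock.json (lockfileVersion 2 layout) for a hypothetical
// LWC project. The lockfile, not package.json, is what SCA should read: it
// records the exact resolved version of every transitive dependency.
const SAMPLE_LOCKFILE = {
  name: "lwc-sample-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "lwc-sample-app", dependencies: { "example-lib": "^1.4.0", "safe-lib": "^3.0.0" } },
    "node_modules/example-lib": { version: "1.4.2", dependencies: { "other-lib": "^2.0.0" } },
    "node_modules/example-lib/node_modules/other-lib": { version: "2.0.3" },
    "node_modules/safe-lib": { version: "3.1.0" },
    "node_modules/other-lib": { version: "2.0.5" },
  },
};

// Constructed advisory feed. The identifiers are placeholders, not real CVEs.
// A package version is affected when introduced <= version < fixed.
const SAMPLE_ADVISORIES = [
  { id: "EXAMPLE-ADV-0001", pkg: "example-lib", introduced: "1.0.0", fixed: "1.5.0", severity: "high" },
  { id: "EXAMPLE-ADV-0002", pkg: "other-lib", introduced: "2.0.0", fixed: "2.0.4", severity: "medium" },
  { id: "EXAMPLE-ADV-0003", pkg: "safe-lib", introduced: "1.0.0", fixed: "2.0.0", severity: "low" },
];

const SEVERITY_RANK = { critical: 0, high: 1, medium: 2, low: 3 };

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"); prerelease tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version, adv) {
  return compareVersions(version, adv.introduced) >= 0 && compareVersions(version, adv.fixed) < 0;
}

// Walk the lockfile's "packages" map and return every installed package,
// including nested copies. Scoped names (@scope/name) are kept whole.
function resolvedPackages(lockfile) {
  const out = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!path.startsWith("node_modules/") || !entry.version) continue;
    const idx = path.lastIndexOf("node_modules/");
    out.push({ pkg: path.slice(idx + "node_modules/".length), version: entry.version, path });
  }
  return out;
}

// Cross-reference installed packages against the advisory feed; most severe first.
function scanLockfile(lockfile, advisories) {
  const findings = [];
  for (const inst of resolvedPackages(lockfile)) {
    for (const adv of advisories) {
      if (adv.pkg === inst.pkg && isAffected(inst.version, adv)) {
        findings.push({ ...inst, id: adv.id, severity: adv.severity, fixed: adv.fixed });
      }
    }
  }
  return findings.sort((x, y) => (SEVERITY_RANK[x.severity] ?? 9) - (SEVERITY_RANK[y.severity] ?? 9));
}

// Pipeline gate: fail the build on any finding at or above the threshold severity.
function shouldFailBuild(findings, threshold = "high") {
  return findings.some((f) => (SEVERITY_RANK[f.severity] ?? 9) <= SEVERITY_RANK[threshold]);
}

if (typeof require !== "undefined" && require.main === module) {
  const findings = scanLockfile(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES);
  for (const f of findings) {
    console.log(`${f.severity.toUpperCase()} ${f.id}: ${f.pkg}@${f.version} at ${f.path} (fixed in ${f.fixed})`);
  }
  process.exitCode = shouldFailBuild(findings) ? 1 : 0;
}
```

Two details matter when wiring a check like this into an orchestration pipeline: read the lockfile rather than the manifest, because a vulnerable version can sit several levels down the dependency tree (the nested `other-lib` 2.0.3 here is affected while the top-level 2.0.5 is not), and decide the failure threshold explicitly so the gate is predictable for developers.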

Runtime Testing

After DigitSec S4 completes its scans, it generates a runtime security testing harness for checking Salesforce apps interactively. This innovative feature is a form of automated penetration testing.

Configuration Review

DigitSec S4 performs a security configuration review where the platform checks for vulnerabilities in commonly misconfigured data safety settings. DigitSec says this scan supports compliance with standards such as PCI-DSS, GDPR, HIPAA, GLBA, and ISO27001.

Security is a Developer Concern

The company recently announced a plugin for SFDX-CLI that allows developers to easily run S4 reports. This is another example of how security concerns in Salesforce devops are increasingly focused on incorporating security tools and techniques early on in the app development lifecycle.

With Jira, Jenkins, Copado, and other integrations, DigitSec S4 is a better equipped security platform than most of the traditional SAST scanners used by Salesforce developers. As enterprises and ISVs look to harden their offerings in light of cybersecurity concerns, DigitSec S4 should continue to find satisfied customers in this quickly growing market.

About Vernon Keenan

Vernon Keenan (LinkedIn) works as a senior information technology industry consultant based in Oakland, California.

He earned his B.Sc. in Biomedical Engineering at Northwestern University where he programmed a PDP-8 with punched paper tape.

In his 34-year-long career he has been a teacher, SPSS programmer, database administrator, clinical researcher, technology journalist, product marketing manager, market researcher, management consultant, and industry analyst. Most recently he is a telecom operator, cloud architect, Go devops engineer and Salesforce Developer/Architect.

For inquiries about Salesforce strategy briefings or solution architect work please contact Vern directly at +1-510-679-1900 or vern@vernonkeenan.com.