V-i-x-x/salesforce-pentest-series

🚨 Salesforce Penetration Testing Series – Learn How Attackers Exploit Weaknesses! 🚨

As a developer, penetration tester, and security researcher, I’ve encountered multiple security issues in Salesforce applications. Over the past few years, I’ve conducted Salesforce auditing and penetration testing, uncovering common mistakes that developers and QA teams should be aware of.

This series is designed to give Salesforce developers an attacker’s perspective, demonstrating how poorly developed code can lead to data breaches. It also reveals how attackers and malicious internal users exploit vulnerabilities, so developers can write more secure code.

💡 To help Salesforce developers, security engineers, and pentesters, I’ve created:

✅ A vulnerable Salesforce platform for hands-on testing

✅ A detailed walkthrough series covering real-world attack scenarios & mitigation techniques

What You’ll Learn:

✅ How poorly designed Apex classes expose sensitive data

✅ How parameter tampering & SOQL Injection can lead to data breaches

✅ How insecure deserialization can allow privilege escalation or unexpected behavior.

✅ How to harden your Salesforce applications against common vulnerabilities

🔥 Check out the full series and try out the vulnerabilities yourself! 🔥

🔗 GitHub Repository & Walkthroughs: https://github.com/V-i-x-x/salesforce-pentest-series/

🔗 Salesforce platform for replication: https://vixxtest-dev-ed.develop.my.site.com/

🚀 More attack scenarios coming soon when I have free time!

👀 Upcoming topics:

🔸 XSS Attacks – Stealing cookies and performing actions as the logged-in user using JavaScript payloads.

🔸 Phishing

🔸 Insecure Direct Object Referencing

🔸 Server-side Request Forgery

#Salesforce #CyberSecurity #Pentesting #OffensiveSecurity #BugBounty #AppSec
