Autonomously detect IDOR vulnerabilities, Apex system-mode leaks, and OWASP API Security violations in your Salesforce Experience Cloud sites — before attackers do.
Each scanner is built for a specific class of Salesforce vulnerability, then orchestrated by an AI agent.
Tests cross-object record ID prefix swaps and direct RecordUiController
access. Detects Insecure Direct Object References that bypass sharing rules.
Probes Aura endpoint controllers — list views, record data providers, and search — for guest-accessible sensitive objects and wildcard query leaks.
Probes custom Apex controllers with fuzzing inputs. Flags oversized result sets
(no WITH SHARING) and internal error message leaks exposing SOQL details.
GPT-4o orchestrates scanners, identifies systemic patterns, and generates a prioritised action plan with Salesforce Setup paths and Apex code fixes. Falls back to rule-based scoring with no API key required.
Optional AIFull OAuth 2.0 Authorization Code Flow with a local callback server. Authenticate as any Experience Cloud persona and compare guest vs. logged-in exposure.
Auth ScanInteractive severity charts, OWASP category breakdowns, and scan-over-time trends. Export print-ready HTML reports with full remediation guidance per finding.
ReportingThree steps from URL to remediation plan.
Enter your Experience Cloud URL. For authenticated scans, click one button to trigger the Salesforce OAuth browser flow.
The AI agent runs all three scanners in parallel, analyses findings for systemic patterns, and scores risk 0–100.
Review prioritised findings with specific Salesforce Setup paths, Apex code examples, and export a full PDF-ready HTML report.
Every finding is tagged with an OWASP API Security Top 10 reference.
Create a free account, run your first scan in minutes, and get a prioritised remediation roadmap.
Create Free Account Sign In