{% extends "base.html" %} {% block title %}Salesforce Security AI Scanner — AI-Powered Salesforce Security{% endblock %} {% block extra_head %} {% endblock %} {% block content %}
AI-Powered Security Intelligence

Salesforce Security
Intelligence Platform

Autonomously detect IDOR vulnerabilities, Apex system-mode leaks, and OWASP API Security violations in your Salesforce Experience Cloud sites — before attackers do.

{{ total_scans }}
Scans Run
{{ total_findings }}
Findings
{{ critical_count }}
Critical
salesforce-security-ai-scanner — scan

Three Expert Scanners. One Platform.

Each scanner is built for a specific class of Salesforce vulnerability, then orchestrated by an AI agent.

IDOR Scanner

Tests cross-object record ID prefix swaps and direct RecordUiController access. Detects Insecure Direct Object References that bypass sharing rules.

API1:2023 BOLA
Aura Fuzzer

Probes Aura endpoint controllers — list views, record data providers, and search — for guest-accessible sensitive objects and wildcard query leaks.

API1 BOLA API8 Misconfig
Apex Scanner

Probes custom Apex controllers with fuzzing inputs. Flags oversized result sets (no WITH SHARING) and internal error message leaks exposing SOQL details.

API3:2023 BOPLA
AI Agent Analysis

GPT-4o orchestrates scanners, identifies systemic patterns, and generates a prioritised action plan with Salesforce Setup paths and Apex code fixes. Falls back to rule-based scoring with no API key required.

Optional AI
Salesforce OAuth

Full OAuth 2.0 Authorization Code Flow with a local callback server. Authenticate as any Experience Cloud persona and compare guest vs. logged-in exposure.

Auth Scan
Dashboard & Reports

Interactive severity charts, OWASP category breakdowns, and scan-over-time trends. Export print-ready HTML reports with full remediation guidance per finding.

Reporting

How It Works

Three steps from URL to remediation plan.

1
Configure & Connect

Enter your Experience Cloud URL. For authenticated scans, click one button to trigger the Salesforce OAuth browser flow.

2
Automated AI Scan

The AI agent runs all three scanners in parallel, analyses findings for systemic patterns, and scores risk 0–100.

3
Act on Findings

Review prioritised findings with specific Salesforce Setup paths, Apex code examples, and export a full PDF-ready HTML report.

OWASP API Security 2023 Coverage

Every finding is tagged with an OWASP API Security Top 10 reference.

{% for ref, desc in [ ("API1:2023","Broken Object Level Authorization"), ("API3:2023","Broken Object Property Level Authorization"), ("API5:2023","Broken Function Level Authorization"), ("API8:2023","Security Misconfiguration") ] %}
{{ ref }}
{{ desc }}
{% endfor %}

Ready to Secure Your Salesforce?

Create a free account, run your first scan in minutes, and get a prioritised remediation roadmap.

Create Free Account Sign In
{% endblock %} {% block extra_scripts %} {% endblock %}