
 Critical Thinking - Bug Bounty Podcast
 Critical Thinking - Bug Bounty Podcast Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello
 Jan 30, 2025 
 Aaron Costello, a SaaS security expert known for his insights on misconfigurations, dives into the complexities of hacking Salesforce, ServiceNow, and Power Pages. He humorously contrasts hacker stereotypes with dedicated bug bounty hunters. Discussion includes the dangers of file upload vulnerabilities and the significance of proper access controls. Notably, he explores SOQL injection vulnerabilities and the intricacies of Salesforce Apex classes, while emphasizing collaboration in identifying security flaws across various SaaS platforms. Tune in for practical techniques and insider insights! 
 Chapters 
 Intro 
 00:00 • 2min 
 Exploring Security and SaaS Misconfigurations 
 01:53 • 2min 
 Exploiting File Upload Vulnerabilities in SaaS 
 04:13 • 27min 
 Security Research Insights on SaaS Vulnerabilities 
 31:20 • 27min 
 Understanding SOQL Injection Vulnerabilities 
 58:20 • 8min 
 Understanding Salesforce Apex Classes and Payload Structures 
 01:05:54 • 4min 
 Hacking SaaS: Salesforce, ServiceNow, and Power Pages 
 01:10:11 • 18min 
 Exploring SaaS Vulnerabilities and Collaboration in Bug Bounty Hunting 
 01:28:37 • 2min 
