Skip to content
/ paas-cloud-goat Public

PaaS Cloud Goat is a simulated vulnerable Salesforce application providing hands-on experience with penetration testing of custom Salesforce applications.

License

AGPL-3.0 license
2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Coalfire-Research/paas-cloud-goat

BranchesTags

Repository files navigation

PaaS Cloud Goat is a simulated vulnerable Salesforce application providing hands-on experience with penetration testing of custom Salesforce applications.

The tool is similar to others like CloudGoat, CloudFoxable, AzureGoat, GCPGoat, and Pen-Testing Cloud REST APIs in OpenStack. It is not, however, a tool for attacking Salesforce.com itself.

It is novel because it focuses on custom applications deployed using the Salesforce platform and is the first tool to provide lab exercises with a collection of security tests. The main takeaways:

  1. Hands-on learning opportunity of pen testing custom Salesforce applications
  2. Detailed training documentation material about the underlying flaws
  3. Consolidated list of common Salesforce application vulnerabilities

Installation

See INSTALL

Getting Started

Important

Ensure that you understand and follow the Salesforce policy for any security testing: https://www.salesforce.com/company/disclosure/

  1. Login to the Salesforce test environment using the "Standard User" profile
  2. Use the Salesforce App Launcher menu to search for "PaaS Cloud Goat"
  3. You will find in the application helpful guidance and hints for working through the various lab excercises

License

See LICENSE

About

PaaS Cloud Goat is a simulated vulnerable Salesforce application providing hands-on experience with penetration testing of custom Salesforce applications.

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages