Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Scaling Application Security: Lessons from Salesforce AppExchange

Join top security leaders from Bishop Fox, AppOmni, and Guidewire as they reveal how Salesforce AppExchange set the standard for scalable SaaS security—packed with real-world insights to future-proof your security strategy.

Watch three distinguished security leaders share critical insights from the frontlines of enterprise SaaS transformation. This compelling discussion explores how Salesforce's AppExchange program pioneered scalable security standards that now protect thousands of enterprise applications worldwide.

Through candid conversation and real-world examples, you'll discover how the shift to cloud-native SaaS fundamentally changed the security landscape and what it takes to build trust at scale. From the architectural decisions that shaped AppExchange's security model to the practical challenges of evaluating SaaS vendors for application security, this session delivers actionable intelligence for security professionals navigating today's complex ecosystem.

Why You Should Watch:

  • Strategic Security Architecture: Learn how AppExchange established trust frameworks that scaled to support thousands of third-party applications while maintaining enterprise-grade security standards.
  • Dual Perspective Insights: Gain unique visibility into both sides of the SaaS equation—understanding what builders need to deliver secure solutions and what buyers should demand from their vendors.
  • Future-Proof Your SaaS Strategy: Discover proven approaches for vendor risk assessment, security collaboration, and building lasting partnerships that strengthen rather than compromise your security posture.

Whether you're architecting secure SaaS solutions, evaluating vendor security programs, or leading digital transformation initiatives, this conversation provides essential guidance from leaders who've successfully navigated the evolution from traditional software to cloud-native ecosystems.

Featured Security Leaders:

  • Vinnie Liu, CEO, Bishop Fox - Founder and CEO of Bishop Fox, leading offensive security engagements for top-tier technology and enterprise organizations for over 15 years.
  • Brendan O'Connor, CEO & Co-Founder, AppOmni - Former Salesforce security leader and co-creator of AppExchange's trust architecture, now CEO of AppOmni—securing SaaS for hundreds of enterprises globally.
  • James Dolph, CISO, Guidewire - Veteran enterprise security leader overseeing risk management, governance, and vendor security for one of the world's leading insurance software providers.
Vinnie Liu headshot

About the speaker, Vincent Liu

CEO & Co-founder of Bishop Fox

Vincent Liu (CISSP) is CEO and cofounder at Bishop Fox. With over two decades of experience, Vincent is an expert in offensive security and security strategy; at Bishop Fox, he leads firm strategy and oversees client relationships. Vincent is regularly cited and interviewed by media such as Al Jazeera, The Information, and NPR while also writing as a contributing columnist for Dark Reading. He has presented at Microsoft BlueHat and Black Hat and has co authored seven books including Hacking Exposed Wireless and Hacking Exposed Web Applications. Vincent sits on the advisory boards of AppOmni, Elevate Security, Mod N Labs, and the University of Advancing Technology in addition to serving as returning faculty at the Practising Law Institute. Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.
More by Vincent

Extend Your Knowledge

Check out these related resources.

image of purple eBook cover with blue text and white page with graphs on dark background
Guide

Fortifying Your Applications: A Guide to Penetration Testing

Download this eBook to explore key aspects of application penetration testing, questions to ask along the way, how to evaluate vendors, and our top recommendations to make the most of your pen test based on almost two decades of experience and thousands of engagements.

Learn More
OWASP ASVS Demystified digital guide on purple lock background.
Guide

OWASP ASVS Demystified: A Practical Guide to Web Application Security Testing

In this technical guide, offensive security expert Shanni Prutchi provides analysis of the entire 278 verification requirements listed in OWASP's ASVS standard to assist in the generation of test cases and provide context to companies looking to test their applications against the standard.

Learn More
Application Security webcast: Getting the Most of your Pen Test with Dan Petro headshot
Virtual Session

Application Security: Getting the Most Out of Your Penetration Tests

Learn how to make the most of your application pen test and implement steps for repetitive secure application design in the future.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.