Mapping the SaaS Attack Surface
Jaime Blasco
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Attack surface management has long focused on infrastructure and cloud — but when 90% of an organization's applications are SaaS, the attack surface is mostly things the security team does not own and cannot directly scan. Jaime Blasco, co-founder and CTO of Nat Security, demonstrates a comprehensive methodology for mapping SaaS exposure using nothing but public DNS records, certificate transparency logs, SSO redirect behavior, and dark web credential dumps.
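To make the three public-signal sources in the abstract concrete, here is an added example (not code from the talk, from Jaime Blasco, or from Nat Security) that fingerprints SaaS vendors from DNS records, harvests in-scope hostnames from certificate SAN lists such as a CT log search returns, and classifies the identity provider behind an SSO redirect. The DNS records, certificate names and redirect URL are constructed, and the fingerprint tables are a small hand-picked subset of well-known vendor hostname patterns; a real tool would carry hundreds of entries and fetch the records live.

```python
"""Map an organization's SaaS footprint from public signals (added example)."""
from urllib.parse import urlparse

# Fingerprint tables: hostname suffix / TXT prefix -> vendor (illustrative subset).
MX_FINGERPRINTS = {"aspmx.l.google.com": "Google Workspace",
                   "mail.protection.outlook.com": "Microsoft 365"}
SPF_INCLUDE_FINGERPRINTS = {"_spf.google.com": "Google Workspace",
                            "spf.protection.outlook.com": "Microsoft 365",
                            "_spf.salesforce.com": "Salesforce",
                            "sendgrid.net": "SendGrid"}
TXT_PREFIX_FINGERPRINTS = {"google-site-verification=": "Google Workspace",
                           "MS=": "Microsoft 365",
                           "atlassian-domain-verification=": "Atlassian"}
CNAME_FINGERPRINTS = {"zendesk.com": "Zendesk", "github.io": "GitHub Pages",
                      "herokudns.com": "Heroku", "hubspot.net": "HubSpot"}
IDP_FINGERPRINTS = {"okta.com": "Okta", "oktapreview.com": "Okta",
                    "login.microsoftonline.com": "Microsoft Entra ID",
                    "accounts.google.com": "Google", "onelogin.com": "OneLogin",
                    "auth0.com": "Auth0", "pingone.com": "Ping Identity"}


def _match_suffix(host, table):
    """Return (vendor, labels-left-of-suffix) if host equals or is under a key."""
    host = host.rstrip(".").lower()
    for suffix, vendor in table.items():
        if host == suffix:
            return vendor, ""
        if host.endswith("." + suffix):
            return vendor, host[: -len(suffix) - 1]
    return None, ""


def fingerprint_dns(records):
    """records: iterable of (name, rtype, value). Returns {vendor: set(evidence)}."""
    findings = {}

    def note(vendor, evidence):
        if vendor:
            findings.setdefault(vendor, set()).add(evidence)

    for name, rtype, value in records:
        if rtype == "MX":  # value is "<preference> <exchange>"; only the exchange matters
            note(_match_suffix(value.split()[-1], MX_FINGERPRINTS)[0], f"MX {name} -> {value}")
        elif rtype == "TXT" and value.lower().startswith("v=spf1"):
            for token in value.split():  # every include: names a sender you authorised
                if token.startswith("include:"):
                    note(_match_suffix(token[8:], SPF_INCLUDE_FINGERPRINTS)[0], f"SPF {name} {token}")
        elif rtype == "TXT":  # domain-verification tokens vendors ask you to publish
            for prefix, vendor in TXT_PREFIX_FINGERPRINTS.items():
                if value.startswith(prefix):
                    note(vendor, f"TXT {name} {prefix}...")
        elif rtype == "CNAME":  # vanity hostnames delegated to a vendor's zone
            note(_match_suffix(value, CNAME_FINGERPRINTS)[0], f"CNAME {name} -> {value}")
    return findings


def ct_hostnames(apex, cert_sans):
    """Collect hostnames under apex from certificate SAN lists (e.g. a CT log query).
    A wildcard is kept as its parent name: it proves the zone exists, not the labels."""
    apex = apex.lower()
    names = set()
    for sans in cert_sans:
        for san in sans:
            san = san.lower().lstrip("*.")
            if san == apex or san.endswith("." + apex):
                names.add(san)
    return names


def classify_sso_redirect(location):
    """Identify the IdP, and the tenant where the URL exposes one, from a 302 Location."""
    url = urlparse(location)
    host = (url.hostname or "").lower()
    vendor, prefix = _match_suffix(host, IDP_FINGERPRINTS)
    if vendor is None:
        return None, None
    tenant = prefix.split(".")[0] if prefix else None  # acme.okta.com -> acme
    if host == "login.microsoftonline.com":
        # Entra puts the tenant (GUID or verified domain) in the first path segment,
        # unless one of the multi-tenant endpoints is used.
        seg = url.path.strip("/").split("/")[0]
        tenant = seg if seg and seg not in {"common", "organizations", "consumers"} else None
    return vendor, tenant


# Constructed sample data standing in for live lookups.
APEX = "example.com"
CT_SANS = [["example.com", "www.example.com"], ["*.example.com"],
           ["support.example.com"], ["status.example.com", "other-company.test"]]
DNS_RECORDS = [
    ("example.com", "MX", "1 aspmx.l.google.com."),
    ("example.com", "TXT", "v=spf1 include:_spf.google.com include:_spf.salesforce.com ~all"),
    ("example.com", "TXT", "atlassian-domain-verification=abc123"),
    ("support.example.com", "CNAME", "examplecorp.zendesk.com."),
    ("status.example.com", "CNAME", "examplecorp.github.io."),
]
SSO_REDIRECT = "https://examplecorp.okta.com/app/salesforce/abc/sso/saml"


def map_saas(apex=APEX, cert_sans=CT_SANS, records=DNS_RECORDS, sso_location=SSO_REDIRECT):
    """Run the three passes and return one report: hostnames, vendors with evidence, IdP."""
    names = ct_hostnames(apex, cert_sans)
    in_scope = [r for r in records if r[0] == apex or r[0] in names]
    vendors = fingerprint_dns(in_scope)
    idp, tenant = classify_sso_redirect(sso_location)
    return {"hostnames": sorted(names), "vendors": {v: sorted(e) for v, e in vendors.items()},
            "idp": idp, "idp_tenant": tenant}


if __name__ == "__main__":
    import json
    print(json.dumps(map_saas(), indent=2))
```

Two practitioner caveats the code makes visible: a CNAME to a vendor zone is both an inventory hit and a subdomain-takeover candidate if the vendor-side resource has since been deleted, so every CNAME finding deserves a follow-up resolution check; and an IdP tenant name recovered from a redirect (the `examplecorp` in `examplecorp.okta.com`) is exactly the kind of identifier that lets credential-dump entries be matched to a live login surface, which is why the fourth source in the abstract pairs with the first three.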
AI review
Blasco took threat intelligence techniques built for adversary infrastructure mapping and turned them on enterprise SaaS attack surface enumeration — and the result is both technically sharp and immediately actionable. The SSO redirect enumeration methodology alone, ending with 'your customer success stories are attack surface,' is worth the session.