Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Webinars
  • Beyond Profiles and Permission Sets: Understanding True Privilege in Salesforce current page
Link copied

Beyond Profiles and Permission Sets: Understanding True Privilege in Salesforce

with Christopher Calvani | @nulvox , Security Researcher
Webinars default
Beyond Profiles and Permission Sets: Understanding True Privilege in Salesforce

Get Instant Access to this Content

Learn more about how to secure your business from threats in places you didn't even know existed.

About the session

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied

This presentation explored how privilege in Salesforce is far more expansive than most organizations realize, revealing how common configurations can silently bypass security controls.

  • What privilege really means in Salesforce and why the platform doesn't define it for you
  • How profiles, permission sets, and the additive-only model create unintended access
  • The overlooked risks of connected apps, API access, and Apex execution contexts
  • Live demo: bypassing record-level security with just a Read-Only profile and a single permission set
  • Why the most dangerous security principles in your org are rarely the ones anyone is watching

Meet the Speaker

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Christopher Calvani | @nulvox 
Christopher Calvani | @nulvox 
Security Researcher
Christopher Calvani is a Security Researcher on BeyondTrust’s research team, where he blends vulnerability research with detection engineering to help customers stay ahead of emerging threats. A recent graduate of the Rochester Institute of Technolog ... read more

Christopher Calvani is a Security Researcher on BeyondTrust’s research team, where he blends vulnerability research with detection engineering to help customers stay ahead of emerging threats. A recent graduate of the Rochester Institute of Technology with a Bachelor of Science in Cybersecurity, Christopher previously supported large‑scale infrastructure at Fidelity Investments as a Systems Engineer intern and advanced DevSecOps practices at Stavvy.

Christopher Calvani is a Security Researcher on BeyondTrust’s research team, where he blends vulnerability research with detection engineering to help customers stay ahead of emerging threats. A recent graduate of the Rochester Institute of Technolog ... read more
  • X
Christopher Calvani | @nulvox 
Security Researcher

Christopher Calvani is a Security Researcher on BeyondTrust’s research team, where he blends vulnerability research with detection engineering to help customers stay ahead of emerging threats. A recent graduate of the Rochester Institute of Technology with a Bachelor of Science in Cybersecurity, Christopher previously supported large‑scale infrastructure at Fidelity Investments as a Systems Engineer intern and advanced DevSecOps practices at Stavvy.

×

Recommended Resources

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
On-Demand Webinar
Tech Talk Tuesday: Securing "AI Coworkers" on the Endpoint
On-Demand Webinar
What’s New! Privileged Remote Access 26.1 Release
On-Demand Webinar
From Shadow AI to Agent Inventory: Building a Risk-Driven Governance Model for Enterprise AI Agents
Podcasts
Ep. 95 - Phishing 2.0, Deepfakes, and the Death of 'Trust But Verify' // Tim Chase
Podcasts
Ep. 94 – Mistakes, Malware and Missile Industry Day // Silas Cutler
Podcasts
Ep. 93 - From Pwn2Own to Pwning AI // Aaron Portnoy
Blog
Securing Agentic AI Workloads with Visibility and Privileged Control
Blog
AI Agent Identity Governance: Why Least Privilege is the Non-Negotiable Security Control
Blog
Pwning AI Code Interpreters in AWS Bedrock AgentCore
Latest
  • The Ghost in the Machine (Securing Non-Human Identities)
    Jun 18, 2026 The Ghost in the Machine (Securing Non-Human Identities)
    Webinar
Related
  • On-Demand | Crouching Admin, Hidden Hacker: Privileged Access & the Unnoticed Masters | Part 2
    Mar 10, 2023 On-Demand | Crouching Admin, Hidden Hacker: Privileged Access & the Unnoticed Masters | Part 2
    On-demand we...
    90m
Share this Article
  • Link

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.