The Salesloft–Drift breach (more context - https://news.ycombinator.com/item?id=45106340) this August showed how one weak integration can ripple across 700+ orgs (Cloudflare, Palo Alto, Zscaler, etc.). Attackers stole tokens from a single app and used them like skeleton keys to exfiltrate Salesforce, Google Workspace, and Slack data.

Looking around, I found no clear framework or set of controls to track and improve integration security.

So, I’ve published the Integration Security Top 10 (ISF) and open-sourced it on GitHub. It’s modeled after the OWASP Top 10: short, memorable, and focused on the most critical risks in SaaS-to-SaaS and API integrations. Each item also has an actionable “playbook” to help move theory into practice.

The goal is to help orgs prevent the sorry situation that we saw unfold at so many supposedly "secure" companies over the last few weeks. I'm doing this by creating a clear set of controls that orgs can look at and use like a checklist to fix integration security issues.