Things to keep in mind while developing the Salesforce App-exchange Application

In this post, I will discuss what are the important parameters that need to be taken care while developing the App-Exchange Application using Salesforce. Before we dive into the concepts I would like to tell you that after developing the application, every application goes with the below security checks

  1. Checkmarx: – It is a free tool available to scan the Complete Code that is in your org where development has been done.
  2. Security Review: – The second step after submitting the code to the checkmarx and resolving all the issues is to Submit the package for the security review where salesforce representatives check the Quality of the code and functionality as well.

So, In order to develop the application which is secure and minimize the risk of data compromise or any other confidential information a developer must need to keep the following points into the mind while developing the application

1Cross-Site Scripting 
2S(O)QL Injection 
3Cross Site Request Forgery 
4Secure Communications and Cookies 
5Storing Secrets 
6Arbitrary Redirects 
7Access Control 
8Lightning Security Best Practices 
9Marketing Cloud App Security
10Secure PostMessage
11Secure WebSockets

Here is a Link to Trailhead module which explains everything about secure coding guidelines with the practical example

https://trailhead.salesforce.com/en/modules/secdev_injection_vulnerabilities/units/secdev_inject_get_started_wappsec

Resources: – 

  1. Salesforce Document
  2. Salesforce Security Guide
  3. An Overview of Force.com Security
Advertisements