In this post, I will discuss the important parameters that need attention while developing an AppExchange application on Salesforce. Before we dive into the concepts, I would like to point out that, once developed, every application goes through the security checks below:
- Checkmarx: It is a free tool available to scan the complete code in the org where development has been done.
- Security Review: The second step, after submitting the code to Checkmarx and resolving all the issues, is to submit the package for the security review, where Salesforce representatives check the quality of the code as well as its functionality.
So, in order to develop an application that is secure and minimizes the risk of compromising data or any other confidential information, a developer must keep the following points in mind while developing the application:
1. Cross-Site Scripting
2. S(O)QL Injection
3. Cross-Site Request Forgery
4. Secure Communications and Cookies
5. Storing Secrets
6. Arbitrary Redirects
7. Access Control
8. Lightning Security Best Practices
9. Marketing Cloud App Security
10. Secure PostMessage
11. Secure WebSockets
Here is a link to the Trailhead module that explains everything about the secure coding guidelines with practical examples.