Tips and Tricks to Pass Salesforce Security Review

GetOnCRM Solutions September 2, 2020 0 Comments

Salesforce AppExchange has grown hugely in popularity, and the fluid nature of the platform offers constant scope for developing new apps. Salesforce requires all AppExchange and OEM applications to pass a security review before they can be listed on the AppExchange. In the security review, the security team tests your product’s defenses against the attacks described in the OWASP list; their mission is also to steal data that they do not have permission to access.

Follow these tips and tricks to pass the Salesforce security review

To pass the security review you need to put in effort from the very beginning of application development.

  • Understand the Salesforce process before submitting for review. Read the Force.com requirements checklist and secure coding guidelines carefully upfront to understand the major security risks from Force.com’s standpoint, and incorporate them in the app.
  • Almost all developers ignore the security coding library in Apex for CRUD/FLS rules, but Force.com takes it seriously. You should always add CRUD/FLS checks before performing DML operations.
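The following Apex class is an added example, not code from the original post or from GetOnCRM, showing what “CRUD/FLS checks before DML” looks like in practice on the three paths a reviewer exercises: create, read and update. The object and fields (Contact, LastName, Email) are standard and chosen only for illustration.

```apex
// Added example (not from the original post): enforce CRUD (object-level)
// and FLS (field-level) permissions before every DML statement.
public with sharing class SecureContactService {

    public class SecurityException extends Exception {}

    // Create a Contact only if the running user may create the object
    // and may write every field that is about to be populated.
    public static Contact createContact(String lastName, String email) {
        // Object-level (CRUD) check
        if (!Schema.sObjectType.Contact.isCreateable()) {
            throw new SecurityException('Insufficient access: Contact create');
        }
        // Field-level (FLS) check for each field written
        if (!Schema.sObjectType.Contact.fields.LastName.isCreateable()
            || !Schema.sObjectType.Contact.fields.Email.isCreateable()) {
            throw new SecurityException('Insufficient access: Contact fields');
        }
        Contact c = new Contact(LastName = lastName, Email = email);
        insert c;
        return c;
    }

    // Read path: WITH SECURITY_ENFORCED makes the query throw
    // System.QueryException if the object or any selected field is not
    // readable by the running user. The bind variable (:pattern) also
    // rules out SOQL injection through the domain argument.
    public static List<Contact> findByEmailDomain(String domain) {
        String pattern = '%@' + domain;
        return [SELECT Id, LastName, Email
                FROM Contact
                WHERE Email LIKE :pattern
                WITH SECURITY_ENFORCED
                LIMIT 50];
    }

    // Update path: Security.stripInaccessible removes fields the user may
    // not update from the records before DML instead of failing outright.
    public static void updateContacts(List<Contact> contacts) {
        if (!Schema.sObjectType.Contact.isUpdateable()) {
            throw new SecurityException('Insufficient access: Contact update');
        }
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, contacts);
        update decision.getRecords();
    }
}
```

The explicit Schema checks are what the source code scanner looks for next to an insert or update; stripInaccessible is the platform’s newer helper for the same requirement and is easier to apply to a list of records with many fields. Both belong in a `with sharing` class so that record-level sharing is also respected.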

  • Understand how Salesforce prefers to store credentials (i.e. security keys, secret tokens, passwords, etc.). If you are using a custom setting for storing secure data, the custom setting’s visibility should be set to protected. There are three key concepts for handling and storing secure data: custom settings, Apex crypto functions, and encrypted custom fields. The best practice is a combination of Apex crypto functions and a protected custom setting to generate and subsequently store secure data.
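The class below is an added example, not code from the original post or from GetOnCRM, of the combination recommended above: an AES key generated with the Apex Crypto class and kept in a protected custom setting, then used to encrypt and decrypt a credential. The custom setting AppSecrets__c with a text field AesKey__c is an assumption for this example; in a managed package its Visibility must be set to Protected, otherwise subscriber-org administrators can read the key.

```apex
// Added example (not from the original post): AES-256 key kept in a
// protected List custom setting (AppSecrets__c / AesKey__c are assumed
// names) and used through Crypto.encryptWithManagedIV.
public with sharing class SecretStore {

    private static final String KEY_SETTING_NAME = 'default';

    // Return the stored key, generating and persisting one on first use.
    private static Blob getKey() {
        AppSecrets__c s = AppSecrets__c.getInstance(KEY_SETTING_NAME);
        if (s == null || String.isBlank(s.AesKey__c)) {
            // 256-bit key from the platform's random generator, stored
            // base64-encoded in the protected setting (44 characters).
            Blob fresh = Crypto.generateAesKey(256);
            s = new AppSecrets__c(
                Name = KEY_SETTING_NAME,
                AesKey__c = EncodingUtil.base64Encode(fresh));
            upsert s;
            return fresh;
        }
        return EncodingUtil.base64Decode(s.AesKey__c);
    }

    // Encrypt a credential. The platform generates a random IV per call
    // and prepends it to the ciphertext, so identical inputs do not
    // produce identical outputs.
    public static String protect(String plaintext) {
        Blob ct = Crypto.encryptWithManagedIV(
            'AES256', getKey(), Blob.valueOf(plaintext));
        return EncodingUtil.base64Encode(ct);
    }

    // Decrypt a value produced by protect().
    public static String reveal(String ciphertextB64) {
        Blob pt = Crypto.decryptWithManagedIV(
            'AES256', getKey(), EncodingUtil.base64Decode(ciphertextB64));
        return pt.toString();
    }
}
```

The point the reviewer checks is that the secret never sits in plain text in a field or setting that a subscriber user can query. A protected custom setting is invisible to the subscriber org, and the encrypted value stored elsewhere (for example on a record) is useless without it.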

  • Using ESAPI (the OWASP Enterprise Security API), an open-source, free web application security control library, would help in a big way. Programmers can leverage the ESAPI libraries either to build a solid base for new development or to retrofit security into existing applications. The Force.com implementation of the ESAPI library is designed and customized for the security needs of the Force.com platform.
  • Try to avoid DML operations on page load. You might be using a DML operation to store data when a Visualforce page loads.
  • When using controller variables at the Visualforce page level, use platform encoding in Visualforce to neutralize potential XSS threats. In Visualforce, the platform has three main encoding functions that developers can use to neutralize potential XSS threats: HTMLENCODE, JSENCODE, and JSINHTMLENCODE.
  • Example:
    <script>
    var x = '{!JSENCODE($CurrentPage.parameters.userInput)}';
    </script>
  • Run the free self-service source code analysis against code developed on the Force.com platform (Apex and Visualforce).
  • Run a free web-application scan against any web servers that integrate with Force.com. This is required if you are using an external web service.
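The controller below is an added example, not code from the original post or from GetOnCRM, covering the two Visualforce items above: it performs no DML while the page loads, saving only from an explicit action method, and it shows where output encoding belongs when the controller itself builds markup. The page, controller and Case fields are illustrative; the page markup is assumed to use `<apex:commandButton action="{!save}"/>` and to wrap `{!comment}` in HTMLENCODE or JSENCODE as in the example above.

```apex
// Added example (not from the original post): no DML on page load.
// GET requests (constructor, <apex:page action="...">) stay read-only;
// writes happen only in an action method reached by a form postback.
public with sharing class FeedbackController {

    public String comment { get; set; }
    public String status { get; private set; }

    // Runs on every page load, including a link someone was tricked into
    // clicking. Only pre-fills from a URL parameter; no insert/update here.
    public FeedbackController() {
        comment = ApexPages.currentPage().getParameters().get('c');
        status = '';
    }

    // Action method bound to <apex:commandButton action="{!save}"/>.
    // Visualforce form postbacks carry the platform's anti-forgery token,
    // which a plain cross-site GET cannot supply.
    public PageReference save() {
        if (!Schema.sObjectType.Case.isCreateable()
            || !Schema.sObjectType.Case.fields.Subject.isCreateable()
            || !Schema.sObjectType.Case.fields.Description.isCreateable()) {
            status = 'You do not have permission to create a case.';
            return null;
        }
        insert new Case(Subject = 'Feedback', Description = comment);
        status = 'Saved.';
        return null;   // stay on the page
    }

    // Server-side escaping for the rare case where the controller builds
    // HTML itself. In page markup, prefer {!HTMLENCODE(comment)} or
    // {!JSENCODE(comment)} and render this getter with escape="false" only
    // because the value is already encoded here.
    public String getCommentAsHtml() {
        String safe = String.escapeHtml4(comment == null ? '' : comment);
        return '<p>' + safe + '</p>';
    }
}
```

Moving the insert out of the constructor and into an action method addresses two of the top-ten items at once: CSRF (a page load can no longer write data) and the “DML on page load” finding the source scanner raises. Encoding at the point of output, with the function matching the context (HTML body, JavaScript string, or JavaScript inside HTML), is what keeps the XSS finding off the report.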

Top 10 vulnerabilities detected by Salesforce in reviews:

  1. SQL and XML Injection
  2. Cross Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross Site Request Forgery (CSRF/XSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection (no SSL enforcement, weak or null ciphers, session cookies without the secure attribute)
  10. Unvalidated Redirects and Forwards

There are three possible outcomes of the review:

Full Approval:

  • No medium or high risk issues were identified within your organization and application.
  • You will immediately be allowed to list your application on the AppExchange.
  • API token to access Professional Edition accounts will be provided.

Provisional Approval:

  • Certain low and medium risk issues were identified, which can be addressed fairly easily and do not pose significant risk to salesforce.com or its customers.
  • You will be allowed to list your application on the AppExchange. However, failure to remedy the noted issues within the specified time period will result in removal of the application from the AppExchange.
  • API token to access Professional Edition accounts will be provided.

Failure:

  • High risk issues were identified during the testing phase.
  • You will not be allowed to list your application on the AppExchange until all issues have been addressed and reviewed by the AppExchange Security team. If the application is already listed on the AppExchange, you will be provided 60 days to address issues.
  • API token to access Professional Edition accounts will not be provided.

Are you looking for Salesforce AppExchange development? GetOnCRM Solutions is a global Salesforce silver consulting partner based in California (USA), with offices in Canada and India. At GetOnCRM Solutions, we help customers pass their application security review. Contact us for any Salesforce requirements.