
Overview
Getting an app publicly listed on the AppExchange means the developers have submitted it to the Salesforce Security Review and it has passed. Apps that have gone through this process have been tested for adherence to industry best practices as they relate to data and control security mechanisms.
Apps built on the Salesforce platform will need to perform a few different audits, including:
Force.com Security Scanner (aka Checkmarx) - this is a self-service tool that is run against all unmanaged code in an organization. A passing report, or a report whose findings can be addressed with a false-positive report, is required within the AppExchange Security Review app submission process.
Chimera/ZAP - If the app contains any elements that connect to external, non-Salesforce endpoints (web services, SSO/SAML, etc.), an additional scan will be required. Chimera is a web-based scanning tool that serves the same function as ZAP and can be used in lieu of ZAP if the remote endpoints are publicly accessible. Otherwise, the ZAP tool will need to be downloaded, configured, and used to perform the audit. The output of either tool will be a findings report of best practice violations, exploits, etc. that will need to be addressed.
Top 10 Development Tips for a Passing Grade
1. Bulkify
   - Processing single records isn't efficient
   - Perform DML on collections, not individual records
   - Method parameters accepting objects/sObjects should accept collections of objects/sObjects, not individual records (it is more efficient to call a method once and iterate through the records than to enter and exit the method for every record)
2. Have Loop Awareness
   - Avoid DML within loops
   - Avoid SOQL/SOSL within loops
   - Avoid async invocations within loops
3. Respect Ownership/Sharing Rules
   - Only use "without sharing" when you have a good reason to
4. Respect Object and Field Level Permissions
   - Include CRUD and FLS checks before accessing/modifying/creating records
5. Usage of "Global" Access Modifiers
   - If customers can build customizations on components within your package, it's likely those components can never be removed.
6. Provide Adequate Test Coverage
   - No seeAllData=true
   - Positive and negative test scenarios
   - All test methods include asserts
7. Beware of Properties Defined by URL Parameters
   - SOQL/SOSL injections
   - URL redirects
8. No Hard Coding
   - Ids
   - Static Resource components
   - Salesforce Document URLs
9. Every SOQL Query Should...
   - Include filter criteria
   - Have a LIMIT set
10. Triggers
   - One per object
   - Provide controls that let the customer toggle them on and off
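As an added illustration of tips 4, 7 and 9 above (this is example code written for this page, not code from Salesforce or from any reviewed app), the following Apex controller shows a search method that would be flagged in review next to a hardened version of the same method. The class name, the ContactSearchController methods and the AccessException type are assumptions chosen for the example.

```apex
public with sharing class ContactSearchController {

    public class AccessException extends Exception {}

    private static final Integer MAX_ROWS = 200;

    // BEFORE: the 'q' URL parameter is concatenated into dynamic SOQL, so a
    // quote character in the parameter changes the structure of the query
    // (SOQL injection); nothing checks that the running user may read Contact
    // or its Email field; and the query has no LIMIT.
    public List<Contact> searchUnsafe() {
        String term = ApexPages.currentPage().getParameters().get('q');
        String soql = 'SELECT Id, Name, Email FROM Contact WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }

    // AFTER: object-level (CRUD) and field-level (FLS) describe checks before
    // the query, a bind variable instead of string concatenation, WITH
    // SECURITY_ENFORCED so the platform also rejects fields the user cannot
    // read, an explicit filter, and an explicit LIMIT.
    public List<Contact> searchSafe() {
        String term = ApexPages.currentPage().getParameters().get('q');
        if (String.isBlank(term)) {
            return new List<Contact>();
        }
        if (!Schema.sObjectType.Contact.isAccessible()
            || !Schema.sObjectType.Contact.fields.Name.isAccessible()
            || !Schema.sObjectType.Contact.fields.Email.isAccessible()) {
            throw new AccessException('Insufficient access to Contact');
        }
        // The value is bound, never concatenated. If dynamic SOQL were truly
        // required, String.escapeSingleQuotes(term) would be the minimum.
        String pattern = '%' + term + '%';
        return [SELECT Id, Name, Email FROM Contact
                WHERE Name LIKE :pattern
                WITH SECURITY_ENFORCED
                LIMIT :MAX_ROWS];
    }

    // The same pattern applies before DML: confirm the running user may
    // update the object and each field being written, then do bulk DML on
    // the whole collection rather than one record at a time inside a loop.
    public void updateEmails(List<Contact> contacts) {
        if (!Schema.sObjectType.Contact.isUpdateable()
            || !Schema.sObjectType.Contact.fields.Email.isUpdateable()) {
            throw new AccessException('Insufficient access to update Contact.Email');
        }
        update contacts;
    }
}
```

The describe checks give a clear, catchable error before any query runs, while WITH SECURITY_ENFORCED is a second line of defence that throws a QueryException if a field the user cannot read is ever added to the SELECT list.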