Salesforce - Developer - Security

salesforce-developer

https://trustacademy.salesforce.com/
https://resources.docs.salesforce.com/204/latest/en-us/sfdc/pdf/salesforce_security_impl_guide.pdf
https://code.google.com/archive/p/force-dot-com-esapi/wikis/GettingStarted.wiki
https://developer.salesforce.com/docs/atlas.en-us.204.0.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm
https://developer.salesforce.com/docs/atlas.en-us.204.0.workbook_security.meta/workbook_security/workbook_preface.htm
https://vimeo.com/139338101
https://medium.com/appiphony-llc/a-project-manager-s-guide-to-salesforce-security-review-f6c6d62adaa9#.umqhnd59d
http://www.slideshare.net/partnerforce/insiders-guide-to-the-appexchange-security-review-dreamforce-2015
http://www.slideshare.net/developerforce/secure-salesforce-external-app-integrations
https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review.htm
https://appexchange.salesforce.com/resource/1352496302000/help/Content/appexchange_publish_register.htm
https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_about.htm
https://developer.salesforce.com/forums/?id=906F00000009BRgIAM
http://salesforce.stackexchange.com/questions/60773/security-review-for-paid-apps-in-appexchange
https://security.secure.force.com/security/tools/forcecom/scanner
https://developer.salesforce.com/page/Security_Review
https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/appexchange_publish_register.htm
https://www.youtube.com/watch?v=oF_FAUsg6uQ - How Salesforce and PwC Help Customers Build Security and Trust in the Cloud
https://www.youtube.com/watch?v=17dr2GMvgd8 - Workshop: What's Possible with Salesforce Data Access
https://www.youtube.com/watch?v=FKMTYj6R4no - Salesforce Shield: How to Deliver a New Level of Trust
http://ruggedsoftware.org/

Policy
Introduction
Authentication
Authentication - API Login
Trusted IP Ranges
Identity Confirmation
High Security Sessions
Delegated Authentication
Federated Authentication - Basic
Federated Authentication Flows
OAuth
OAuth - Supported Flows
OAuth - Types of Tokens
OAuth - Web Server Flow
OAuth - User-Agent Flow
OAuth - JWT Bearer Token Flow
OAuth - SAML Bearer Assertion Flow
OAuth - Web SSO SAML Assertion Flow
OAuth - Username and Password Flow
SAML
OpenID Connect Basics
Why Not Just Use OAuth 2.0
OpenID - Configuring OpenID Connect
Connected Apps Basics
Connected Apps Demo
Authorization
Authorization Basic
Authorization-SensitiveProfilePermissions
CRUD
Field-Level-Security
Sharing Rules
API Considerations
Storing Sensitive Data - sObject
Storing Sensitive Data - Named Credentials
Storing Sensitive Data - Custom Settings

Open Redirect
SOQL Injection
Cross Site Scripting (XSS)
XSS - Automatic encoding
Cross Site Request Forgery (CSRF)
Clickjacking
Mixed Content
Miscellaneous
ESAPI
Checkmarx Scanner

// Salesforce - Developer - REST - Callout - Authorize Remote REST endpoints:

To authorize remote REST endpoints:

1. From Setup, enter Remote Site Settings in the Quick Find box.

2. Click Remote Site Settings.

3. Click New Remote Site.

4. Provide a name for the remote site.

5. Provide the URL for the remote site. This URL authorizes all subfolders 
   for the endpoint, like https://th-apex-http-callout.herokuapp.com/path1 and 
   https://th-apex-http-callout.herokuapp.com/path2.

6. Provide a description for the remote site / service.

7. Click Save.