Salesforce Developer Security Policy
New employees will review all security related materials listed in the Related
Documents section with 60 days of employment.
New employees will also complete Salesforce's TrustAcademy security training
program within 60 days of employment. TrustAcademy includes three sections:
1. AppExchange Security Review Process
2. Secure Development
3. Force.com Security Essentials.
Please take screenshots of the completion certificates and post to Confluence.
Upon completion of Salesforce's security training program, a new employee will
provide evidence of completion to IT management.
Annual Review Process:
1. All employees will review all security related materials listed in the
Related Documents section annually.
2. Complete any new or certify previously completed training programs as
required by Salesforce's TrustAcademy.
3. Provide evidence to IT management of review.
// Related Documents:
1. OWASP Top 10 Vulnerabilities:
https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
2. Secure Coding Guidelines:
http://www.cert.org/secure-coding/publications/index.cfm
3. Salesforce Secure Coding Guidelines:
https://developer.salesforce.com/page/Secure_Coding_Guideline
4. OWASP Ruby on Rails Security Guide:
https://www.owasp.org/index.php/Category:OWASP_Ruby_on_Rails_Security_Guide_V2
5. RailsGoat - OWASP Ruby on Rails Security Training Site:
http://railsgoat.cktricky.com/
page revision: 0, last edited: 01 Jan 2017 22:47