Salesforce Developer Security Policy

salesforce-developer-security

New employees will review all security related materials listed in the Related 
Documents section with 60 days of employment.

New employees will also complete Salesforce's TrustAcademy security training 
program within 60 days of employment. TrustAcademy includes three sections:

1. AppExchange Security Review Process
2. Secure Development
3. Force.com Security Essentials. 

Please take screenshots of the completion certificates and post to Confluence.

Upon completion of Salesforce's security training program, a new employee will 
provide evidence of completion to IT management. 

Annual Review Process:

1. All employees will review all security related materials listed in the 
   Related Documents section annually.

2. Complete any new or certify previously completed training programs as 
   required by Salesforce's TrustAcademy.

3. Provide evidence to IT management of review.

// Related Documents:

1. OWASP Top 10 Vulnerabilities: 
   https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013

2. Secure Coding Guidelines: 
   http://www.cert.org/secure-coding/publications/index.cfm

3. Salesforce Secure Coding Guidelines:
   https://developer.salesforce.com/page/Secure_Coding_Guideline

4. OWASP Ruby on Rails Security Guide:
   https://www.owasp.org/index.php/Category:OWASP_Ruby_on_Rails_Security_Guide_V2

5. RailsGoat - OWASP Ruby on Rails Security Training Site:
   http://railsgoat.cktricky.com/
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License