Cracking the Security Review - Jaipur Cloud Connect 2019

V
Vishnu Kumar
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Cracking the Security Review 10 AUG th SAT, 2019
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE I am Vishnu Kumar 11x Salesforce Certified Consultant MTX Group Inc. Blogger at 0to1Code.com Twitter & Github: @TheVishnuKumar Hello! 2
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Welcome to Pink City 3 #JCC19
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 4
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE “A good programmer looks both ways before crossing a one-way street.” 5
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 6 Agenda ● App Journey ● Salesforce Security Review ● My Failed and Successful Security Reviews ● AppExchange Security Requirements Checklist ● Trailhead- Develop Secure Web Apps ● When It Is not True then “False Positive” ● Q&A
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 7 Development Security Review Go Live Idea App Journey
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Salesforce Security Review 8
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE My Failed and Successful Security Reviews 9 ● CRUD and FLS ● With sharing in classes ● XSS ● Wrong False Positive Report
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Security Requirements Checklist 10 ● Who’s the audience for it? ● What does it contain? ● Checklist ● Checklist Builder
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Trailhead- Develop Secure Web Apps 11 ● Injection Vulnerability Prevention ● App Logic Vulnerability Prevention ● Data Leak Prevention ● Secure Secret Storage ● Security for Lightning Components
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE When It Is not True then “False Positive” 12
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Resources 13 ● ISVforce Security Review Guide ● Develop Secure Web Apps Trail (Trailhead) ● AppExchange Security Requirements Checklist ● Security Review Submission Requirements Checklist Builder ● Partner Security Portal ● Code Sample
#JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 14 Thank You!
1 of 14

Cracking the Security Review - Jaipur Cloud Connect 2019

Download to read offline
Software

Cracking the Security Review is a session on presented at Jaipur Cloud Connect 2019. It provides the best guides to crack security review.

V
Vishnu Kumar

Recommended

OmniStudio - Ajmer User Group | Vishnu KumarOmniStudio - Ajmer User Group | Vishnu Kumar
OmniStudio - Ajmer User Group | Vishnu KumarVishnu Kumar
30 views12 slides
B2C Multi-Cloud Architecture by Neeraj PatniB2C Multi-Cloud Architecture by Neeraj Patni
B2C Multi-Cloud Architecture by Neeraj PatniVishnu Kumar
43 views17 slides
Adelaide Dev Event - 001.pptxAdelaide Dev Event - 001.pptx
Adelaide Dev Event - 001.pptxVishnu Kumar
137 views11 slides
Salesforce Einstein Vision ImplementationSalesforce Einstein Vision Implementation
Salesforce Einstein Vision ImplementationVishnu Kumar
1.7K views12 slides
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
18.2K views69 slides
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
4.5K views22 slides

More Related Content

Recently uploaded

Embedded RustEmbedded Rust
Embedded RustJens Siebert
519 views35 slides

Recently uploaded(20)

BSides Lisbon 2023 - AI in Cybersecurity.pdfBSides Lisbon 2023 - AI in Cybersecurity.pdf
BSides Lisbon 2023 - AI in Cybersecurity.pdf
Tiago Henriques68 views
DSD-INT 2023 FloodAdapt - A decision-support tool for compound flood risk mit...DSD-INT 2023 FloodAdapt - A decision-support tool for compound flood risk mit...
DSD-INT 2023 FloodAdapt - A decision-support tool for compound flood risk mit...
Deltares5 views
Upgrading Incident Management with Icinga - Icinga Camp Milan 2023Upgrading Incident Management with Icinga - Icinga Camp Milan 2023
Upgrading Incident Management with Icinga - Icinga Camp Milan 2023
Icinga29 views
Unleash The MonkeysUnleash The Monkeys
Unleash The Monkeys
Jacob Duijzer7 views
Embedded RustEmbedded Rust
Embedded Rust
Jens Siebert519 views
DSD-INT 2023 HydroMT model building and river-coast coupling in Python - Bove...DSD-INT 2023 HydroMT model building and river-coast coupling in Python - Bove...
DSD-INT 2023 HydroMT model building and river-coast coupling in Python - Bove...
Deltares10 views
[PHPCon 2023] Blaski i ciebie BDD[PHPCon 2023] Blaski i ciebie BDD
[PHPCon 2023] Blaski i ciebie BDD
Mateusz Zalewski45 views
LAVADORA ROLO.docxLAVADORA ROLO.docx
LAVADORA ROLO.docx
SamuelRamirez835247 views
Les nouveautés produit Neo4j Les nouveautés produit Neo4j
Les nouveautés produit Neo4j
Neo4j26 views
Roadmap y Novedades de productoRoadmap y Novedades de producto
Roadmap y Novedades de producto
Neo4j5 views
Winter '24 Release Chat.pdfWinter '24 Release Chat.pdf
Winter '24 Release Chat.pdf
melbourneauuser8 views
Mark Simpson - UKOUG23 - Refactoring Monolithic Oracle Database Applications ...Mark Simpson - UKOUG23 - Refactoring Monolithic Oracle Database Applications ...
Mark Simpson - UKOUG23 - Refactoring Monolithic Oracle Database Applications ...
marksimpsongw74 views
Best Mics For Your Live StreamingBest Mics For Your Live Streaming
Best Mics For Your Live Streaming
ontheflystream6 views
ict act 1.pptxict act 1.pptx
ict act 1.pptx
sanjaniarun089 views
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptx
Jack Spektor19 views
DSD-INT 2023 Delft3D FM Suite 2024.01 2D3D - New features + Improvements - Ge...DSD-INT 2023 Delft3D FM Suite 2024.01 2D3D - New features + Improvements - Ge...
DSD-INT 2023 Delft3D FM Suite 2024.01 2D3D - New features + Improvements - Ge...
Deltares5 views
Applying Platform Engineering Thinking to Observability.pdfApplying Platform Engineering Thinking to Observability.pdf
Applying Platform Engineering Thinking to Observability.pdf
Natan Yellin10 views
DSD-INT 2023 Delft3D FM Suite 2024.01 1D2D - Beta testing programme - GeertsemaDSD-INT 2023 Delft3D FM Suite 2024.01 1D2D - Beta testing programme - Geertsema
DSD-INT 2023 Delft3D FM Suite 2024.01 1D2D - Beta testing programme - Geertsema
Deltares5 views
DSD-INT 2023 SFINCS Modelling in the U.S. Pacific Northwest - ParkerDSD-INT 2023 SFINCS Modelling in the U.S. Pacific Northwest - Parker
DSD-INT 2023 SFINCS Modelling in the U.S. Pacific Northwest - Parker
Deltares7 views
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
Deltares7 views

Featured

Featured(20)

Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
Christy Abraham Joy82.1K views
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
Vit Horky169.6K views
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
MindGenius36.6K views
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
RachelPearson3612.5K views
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools55.4K views
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
GetSmarter401.6K views
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
Alireza Esmikhani30.2K views
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
Project for Public Spaces & National Center for Biking and Walking6.9K views
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
DevGAMM Conference3.6K views
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
Erica Santiago25.1K views
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Saba Software25.2K views
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
Simplilearn8.4K views
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
Palo Alto Software88.3K views
9 Tips for a Work-free Vacation9 Tips for a Work-free Vacation
9 Tips for a Work-free Vacation
Weekdone.com7.1K views
I Rock Therefore I Am. 20 Legendary Quotes from PrinceI Rock Therefore I Am. 20 Legendary Quotes from Prince
I Rock Therefore I Am. 20 Legendary Quotes from Prince
Empowered Presentations142.8K views
How to Map Your FutureHow to Map Your Future
How to Map Your Future
SlideShop.com275.1K views
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
AccuraCast3.4K views
Read with Pride | LGBTQ+ ReadsRead with Pride | LGBTQ+ Reads
Read with Pride | LGBTQ+ Reads
Kayla Martin-Gant1.1K views
Exploring ChatGPT for Effective Teaching and Learning.pptxExploring ChatGPT for Effective Teaching and Learning.pptx
Exploring ChatGPT for Effective Teaching and Learning.pptx
Stan Skrabut, Ed.D.57.6K views
How to train your robot (with Deep Reinforcement Learning)How to train your robot (with Deep Reinforcement Learning)
How to train your robot (with Deep Reinforcement Learning)
Lucas García, PhD42.5K views

Cracking the Security Review - Jaipur Cloud Connect 2019

  • 1. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Cracking the Security Review 10 AUG th SAT, 2019
  • 2. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE I am Vishnu Kumar 11x Salesforce Certified Consultant MTX Group Inc. Blogger at 0to1Code.com Twitter & Github: @TheVishnuKumar Hello! 2
  • 3. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Welcome to Pink City 3 #JCC19
  • 4. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 4
  • 5. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE “A good programmer looks both ways before crossing a one-way street.” 5
  • 6. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 6 Agenda ● App Journey ● Salesforce Security Review ● My Failed and Successful Security Reviews ● AppExchange Security Requirements Checklist ● Trailhead- Develop Secure Web Apps ● When It Is not True then “False Positive” ● Q&A
  • 7. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 7 Development Security Review Go Live Idea App Journey
  • 8. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Salesforce Security Review 8
  • 9. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE My Failed and Successful Security Reviews 9 ● CRUD and FLS ● With sharing in classes ● XSS ● Wrong False Positive Report
  • 10. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Security Requirements Checklist 10 ● Who’s the audience for it? ● What does it contain? ● Checklist ● Checklist Builder
  • 11. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Trailhead- Develop Secure Web Apps 11 ● Injection Vulnerability Prevention ● App Logic Vulnerability Prevention ● Data Leak Prevention ● Secure Secret Storage ● Security for Lightning Components
  • 12. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE When It Is not True then “False Positive” 12
  • 13. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE Resources 13 ● ISVforce Security Review Guide ● Develop Secure Web Apps Trail (Trailhead) ● AppExchange Security Requirements Checklist ● Security Review Submission Requirements Checklist Builder ● Partner Security Portal ● Code Sample
  • 14. #JCC19 - CONFIDENTIAL | DO NOT DISTRIBUTE 14 Thank You!