This webinar covers key topics and best practices on how to securely connect your applications with Salesforce. We will demonstrate Salesforce recommended solutions to securely handle secrets within your application and help you prevent data leaks
You will also learn how to set up a Salesforce Connected App to handle authentication and access control when integrating with Salesforce.
When building an enterprise solution or creating an app, data often comes from multiple systems, and business processes frequently cross application boundaries.
Salesforce offers a rich library of programmatic and point-and-click integration tools to customize business processes that span multiple application systems. In this webinar, we will survey the many integration options and technologies available in Salesforce, including newer API and integration features.
This webinar is the first in a series that will explore several ways to integrate systems and services with Salesforce.
Salesforce API Series: Integrating Applications with Force.com WebinarSalesforce Developers
Force.com APIs allow you to easily integrate back-office applications with Force.com while leveraging existing platform choices for systems like ERP, Financials and other custom applications. This webinar, the first in a series covering all Salesforce APIs, focuses on the SOAP and REST APIs, and will present asynchronous integration options, showing how they can be used to access data in Force.com and connect other applications to Force.com. Future webinars will focus on the APIs specific to Service Cloud, Collaboration, Metadata and the Tooling API.
Watch this webinar to learn how to make basic API calls using Java, and implement inbound and outbound calls to and from Force.com.
Key Takeaways
Learn about the various API options available to you when integrating Force.com with other applications.
See how the basic SOAP and REST APIs work in an application.
Implement a commonly used pattern to integrate information from Force.com to an external system.
Intended Audience
Force.com developers or Integration developers and architects with a working understanding of Web Services.
With the Lightning Framework you can build modern apps faster and run them across all your devices. With the Winter ’17 Release, we’ve delivered a number of enhancements to Lightning to help you build even faster including new Lightning Base Components and Lightning Data Services. Learn about these important new features and more in this must-attend webinar.
- Accessing data more easily and efficiently with the new Lightning Data Service
- Building Lightning Components faster with new Lightning Base Components
- Developing more interactive experiences with new Lightning Quick Actions and the Utility Bar
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
It is time to integrate. Keep it simple, and keep it integrated. APIs here, APIs there, APIs everywhere. Let's take advantage of this revolution and take a step forward with these amazing new tools: Salesforce1 and Lightning Components. Join us as we show you how to build such integrations easily and quickly. Are you designing a new brand component and want to integrate with an external system? Or, just curious about how to do it with Lightning Components and Salesforce1. You will learn how to build a Lightning Component that will be placed in Salesforce1 and that will interact with an external REST service. We will show you how to quickly achieve awesome results by mixing Salesforce1, a Lightning Component, a bit of Javascript, a tiny Apex class, and a Rest Endpoint.
This document discusses Salesforce's Lightning Design System (SLDS) and how it was created to support the development of Lightning Experience and Lightning Components. It describes how SLDS provides standardized UI components, styles, and patterns to help ensure consistency across Salesforce applications. It also discusses how SLDS uses tools like a CSS framework, responsive grid system, and design tokens to make the system flexible and customizable. Finally, it provides examples and guidelines for using SLDS components within Lightning Components.
So you have made the decision to move to Lightning, but what does that mean for your Visualforce pages? Join us to find out what works and what doesn’t, strategies for the things you might need to fix, and finally, how to update your pages with the Salesforce Lightning Design System, and much more.
Want to learn how to publish and distribute your Lightning Components? Join us to learn the steps for packaging Lighting Components and the process to list them on the Lightning Exchange for Components. In this session, we will discuss tips for packaging Components and best practices for managing versioning.
Salesforce is an open and easily extensible platform. However, sometimes it's hard to figure out the best, most secure way to build these integrations. Join us as we help you build secure integrations with Salesforce by understanding the platform authentication and authorization constructs like profile permissions and OAuth scopes. We will demonstrate the importance of leveraging Salesforce security features like mutual SSL, IP range restrictions, and Connected Apps.
When building an enterprise solution or creating an app, data often comes from multiple systems, and business processes frequently cross application boundaries.
Salesforce offers a rich library of programmatic and point-and-click integration tools to customize business processes that span multiple application systems. In this webinar, we will survey the many integration options and technologies available in Salesforce, including newer API and integration features.
This webinar is the first in a series that will explore several ways to integrate systems and services with Salesforce.
Salesforce API Series: Integrating Applications with Force.com WebinarSalesforce Developers
Force.com APIs allow you to easily integrate back-office applications with Force.com while leveraging existing platform choices for systems like ERP, Financials and other custom applications. This webinar, the first in a series covering all Salesforce APIs, focuses on the SOAP and REST APIs, and will present asynchronous integration options, showing how they can be used to access data in Force.com and connect other applications to Force.com. Future webinars will focus on the APIs specific to Service Cloud, Collaboration, Metadata and the Tooling API.
Watch this webinar to learn how to make basic API calls using Java, and implement inbound and outbound calls to and from Force.com.
Key Takeaways
Learn about the various API options available to you when integrating Force.com with other applications.
See how the basic SOAP and REST APIs work in an application.
Implement a commonly used pattern to integrate information from Force.com to an external system.
Intended Audience
Force.com developers or Integration developers and architects with a working understanding of Web Services.
With the Lightning Framework you can build modern apps faster and run them across all your devices. With the Winter ’17 Release, we’ve delivered a number of enhancements to Lightning to help you build even faster including new Lightning Base Components and Lightning Data Services. Learn about these important new features and more in this must-attend webinar.
- Accessing data more easily and efficiently with the new Lightning Data Service
- Building Lightning Components faster with new Lightning Base Components
- Developing more interactive experiences with new Lightning Quick Actions and the Utility Bar
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
It is time to integrate. Keep it simple, and keep it integrated. APIs here, APIs there, APIs everywhere. Let's take advantage of this revolution and take a step forward with these amazing new tools: Salesforce1 and Lightning Components. Join us as we show you how to build such integrations easily and quickly. Are you designing a new brand component and want to integrate with an external system? Or, just curious about how to do it with Lightning Components and Salesforce1. You will learn how to build a Lightning Component that will be placed in Salesforce1 and that will interact with an external REST service. We will show you how to quickly achieve awesome results by mixing Salesforce1, a Lightning Component, a bit of Javascript, a tiny Apex class, and a Rest Endpoint.
This document discusses Salesforce's Lightning Design System (SLDS) and how it was created to support the development of Lightning Experience and Lightning Components. It describes how SLDS provides standardized UI components, styles, and patterns to help ensure consistency across Salesforce applications. It also discusses how SLDS uses tools like a CSS framework, responsive grid system, and design tokens to make the system flexible and customizable. Finally, it provides examples and guidelines for using SLDS components within Lightning Components.
So you have made the decision to move to Lightning, but what does that mean for your Visualforce pages? Join us to find out what works and what doesn’t, strategies for the things you might need to fix, and finally, how to update your pages with the Salesforce Lightning Design System, and much more.
Want to learn how to publish and distribute your Lightning Components? Join us to learn the steps for packaging Lighting Components and the process to list them on the Lightning Exchange for Components. In this session, we will discuss tips for packaging Components and best practices for managing versioning.
Salesforce is an open and easily extensible platform. However, sometimes it's hard to figure out the best, most secure way to build these integrations. Join us as we help you build secure integrations with Salesforce by understanding the platform authentication and authorization constructs like profile permissions and OAuth scopes. We will demonstrate the importance of leveraging Salesforce security features like mutual SSL, IP range restrictions, and Connected Apps.
In this webinar, we'll share how you can leverage the tools and best practices available to promote healthy Application Lifecycle Management.
Learn about the latest advancements we've made in our Sandbox environments, metadata API, deployments, namespaces and source control management, how the brand new Apex Debugger extends the Force.com IDE, and how these updates can be leveraged to enhance your development efforts and transformation.
Lightning allows developers to customize their apps to a degree not previously possible - especially when using the Lightning App Builder and the new Lightning Utility Bar. In this webinar, we will introduce you to best practices for designing component-based architecture when building advanced apps that make the most out of new Lightning Experience features.
Heroku recently announced a new part of Heroku Enterprise called Private Spaces that allows you to run your own Heroku in a separate but still managed cloud. This webinar will cover the basics of Heroku and Private Spaces. Private Spaces provides an isolated network for your apps and data, enhancing security and privacy. You will learn how to securely integrate your Heroku apps with Salesforce using IP restrictions.
In addition you will learn how you can use Private Spaces to pick specific geographic locations for your Private Spaces, aiding in privacy and performance requirements.
Key Takeaways
- Learn the basics of Heroku Private Spaces
- See how Private Spaces will help improve security for your cloud apps
- Explore the benefits of using Private Spaces with Salesforce
- Watch live demos from Salesforce & Heroku Evangelists
This document provides an overview of Lightning Web Components Episode 2 which focuses on working with Salesforce data. It discusses how the Lightning Data Service and UI API are used to retrieve and display Salesforce record data. It also demonstrates how to use wire services to connect Lightning Web Components to Apex methods to retrieve and manipulate data. The document concludes with instructions for configuring Lightning Web Components to be used in the Lightning App Builder.
Greg Wester introduces Apex Realtime Debugger, a new tool that allows developers to debug Apex code and triggers live in sandboxes and production environments. It instruments the platform to observe Apex code execution and provides unit tests, debug logs, and an interactive debugger. This helps developers reproduce and fix bugs that may only appear in complex sandbox and production environments due to differences from developer orgs in metadata, data, and managed code. The debugger can be used to debug async Apex code and works like a local debugger with a dedicated leased line session. It is generally available with licenses assigned per org and can be trialed.
Lightning allows developers to rapidly develop highly interactive applications with Lightning Components. In this webinar, we will show you the best practices to build a single page application by using features from the Lightning Component framework.
Bots are redefining the way users engage with applications, and natural language is the new UI! Bots allow users to access information in an unstructured manner, using natural language and from wherever they happen to be without having to switch context and load a dedicated app. The possibilities are endless! Join us in this session as we explore how to build Salesforce-powered bots for Facebook Messenger, Slack, Alexa, and Chatter.
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileSalesforce Developers
Want to build mobile apps faster with the new App Cloud Mobile? In this session, learn from Salesforce mobile development experts as they show you how to build, deploy and manage mobile applications using the Mobile SDK, Heroku, Lightning Components and the Salesforce1 mobile app.
In this exclusive webinar you'll learn about
- Developing apps for iOS, Android and Hybrid Mobile environments with App Cloud Mobile
- Using Heroku as Mobile Backend as a Service (MBaaS)
- Building and Deploying Mobile Apps with Salesforce1
This document discusses using Lightning Communities to build better communities. It provides an overview of the evolution of Lightning Communities from basic templates to full platform capabilities. Lightning Community Templates offer pre-packaged solutions for use cases like customer service, partner portals, and helpdesks. The Lightning Community Builder allows customizing communities visually without coding. The document also promotes social engagement around Salesforce communities.
Want to improve the performance of your Lightning components and applications? This webinar is for you! Whether you are an experienced Lightning component developer or just starting, you’ll learn a series of best practices you can immediately implement to make your components load faster, run faster, and access data more efficiently.
This document provides an overview and agenda for a webinar on coding apps in the cloud with Force.com - Part II. The webinar will include a demo of Visualforce pages, controllers, using JavaScript in Visualforce pages, and a Q&A session. Visualforce allows developers to build dynamic HTML user interfaces for apps using custom tags and an expression language. Controllers provide the logic and data for Visualforce pages. JavaScript can be used to build engaging UIs and leverage JavaScript libraries. The demo will cover standard and custom controllers, extensions, and integrating JavaScript.
Over the past two months, we’ve announced many new resources for developers at Dreamforce and TrailheaDX India. To learn all about them, watch this video, where we'll explore live demos showcasing the latest updates for Lightning Web Components (LWC), Einstein, Heroku, and a lot more on the Customer 360 Platform.
In this session we,
- Explore key highlights from TrailheaDX India
- Show live demos of generally available features
- Explain how you can benefit from these features
The document discusses secure development practices on the Salesforce platform. It covers topics like cross-site scripting (XSS), open redirects, and cross-site request forgery (CSRF). For XSS, it describes different types (reflected, stored, DOM) and provides examples of how to properly encode output. For open redirects, it explains the risk and best practices like whitelisting URLs. For CSRF, it discusses how to prevent malicious requests by using tokens validated on the server. The document aims to help developers understand and address common vulnerabilities.
Join us to explore the Wave Platform, including APIs, data loading, packaging, and licensing. We will discuss using Wave with Force.com, including Visualforce, Lightning, Apex, REST, and more.
This document provides an overview and introduction to Apex for developers. It begins with an introduction to Apex and the Salesforce platform. It then outlines the agenda which includes an overview of the platform, writing Apex classes, accessing data using SOQL and DML, writing triggers, and additional topics like Visualforce, REST APIs, and unit testing. It encourages participants to use their developer environment and provides a link to sign up. It describes what will be built in the session which is an app to manage sessions and speakers at a conference. It includes two forward-looking statements disclaimers.
Lightning Components form the basis of the Salesforce UIs, including the newly announced Lightning Experience. But what do you do when you can?t migrate everything into Salesforce, or you want to use Salesforce in an external site and find building everything yourself daunting? With Lightning Out you can now use the components from Salesforce, our partners, and your own custom components in most any remote site. Join the team that built this technology to see what it can do for you.
In this first installment of our Secure Salesforce Development webinar series members of the Salesforce Trust team will introduce the core concepts behind developing secure applications on the Salesforce platform using Apex and Visualforce. We’ll walk through creation and development of a simple, on-platform app and examine common security vulnerabilities that developers unintentionally introduce to their applications. After discussing the danger of these vulnerabilities and demonstrating their impact we’ll go in depth into how to avoid introducing them in your code, how to review existing code and find them, and how to fix them.
This document discusses advanced topics related to Lightning Components. It begins with an agenda that covers best practices, debugging, demos, and Q&A. In the best practices section, it recommends using $A instead of "aura" when accessing APIs, avoiding method name collisions, and using the official API. It also suggests handling events efficiently and avoiding unnecessary DOM manipulation. The debugging section provides tips for using browser developer tools and enabling pause on caught exceptions. Demos and Q&A were also on the agenda.
This session will introduce Locker Service, a new feature of the Lightning Component Framework which serves to manage JavaScript security while rendering Lightning applications. Get the background on why Locker Service is necessary, what you'll need to know to implement and the advantages it offers the platform.
The document provides an overview of Salesforce and its cloud platform capabilities from a technical perspective. It discusses Salesforce's multi-tenant architecture and global data center infrastructure, how it enables massive scalability and high performance for enterprise applications. It also covers the different approaches for developing on the Salesforce platform, including declarative and programmatic development using tools like Apex, Visualforce, and the API.
As more and more applications are adopting the API-first approach, it's important to understand that building and using APIs comes with its own set of security concerns, even though it abstracts away the issues caused at the presentation layer. Join us as we dive deeper into best practices for building secure API endpoints. We'll also discuss the importance of transport security and common pitfalls in SSL configurations.
As frameworks and languages have evolved, creating a mobile app has never been easier. But can an easy mobile app be secure? Join our mobile security experts to discuss the Salesforce Mobile SDK and learn everything you need to know about hardening your mobile apps. We will discuss some common mobile vulnerabilities and mistakes, then dive deep into how the Salesforce Mobile SDK makes following our security best practices easy and painless!
In this webinar, we'll share how you can leverage the tools and best practices available to promote healthy Application Lifecycle Management.
Learn about the latest advancements we've made in our Sandbox environments, metadata API, deployments, namespaces and source control management, how the brand new Apex Debugger extends the Force.com IDE, and how these updates can be leveraged to enhance your development efforts and transformation.
Lightning allows developers to customize their apps to a degree not previously possible - especially when using the Lightning App Builder and the new Lightning Utility Bar. In this webinar, we will introduce you to best practices for designing component-based architecture when building advanced apps that make the most out of new Lightning Experience features.
Heroku recently announced a new part of Heroku Enterprise called Private Spaces that allows you to run your own Heroku in a separate but still managed cloud. This webinar will cover the basics of Heroku and Private Spaces. Private Spaces provides an isolated network for your apps and data, enhancing security and privacy. You will learn how to securely integrate your Heroku apps with Salesforce using IP restrictions.
In addition you will learn how you can use Private Spaces to pick specific geographic locations for your Private Spaces, aiding in privacy and performance requirements.
Key Takeaways
- Learn the basics of Heroku Private Spaces
- See how Private Spaces will help improve security for your cloud apps
- Explore the benefits of using Private Spaces with Salesforce
- Watch live demos from Salesforce & Heroku Evangelists
This document provides an overview of Lightning Web Components Episode 2 which focuses on working with Salesforce data. It discusses how the Lightning Data Service and UI API are used to retrieve and display Salesforce record data. It also demonstrates how to use wire services to connect Lightning Web Components to Apex methods to retrieve and manipulate data. The document concludes with instructions for configuring Lightning Web Components to be used in the Lightning App Builder.
Greg Wester introduces Apex Realtime Debugger, a new tool that allows developers to debug Apex code and triggers live in sandboxes and production environments. It instruments the platform to observe Apex code execution and provides unit tests, debug logs, and an interactive debugger. This helps developers reproduce and fix bugs that may only appear in complex sandbox and production environments due to differences from developer orgs in metadata, data, and managed code. The debugger can be used to debug async Apex code and works like a local debugger with a dedicated leased line session. It is generally available with licenses assigned per org and can be trialed.
Lightning allows developers to rapidly develop highly interactive applications with Lightning Components. In this webinar, we will show you the best practices to build a single page application by using features from the Lightning Component framework.
Bots are redefining the way users engage with applications, and natural language is the new UI! Bots allow users to access information in an unstructured manner, using natural language and from wherever they happen to be without having to switch context and load a dedicated app. The possibilities are endless! Join us in this session as we explore how to build Salesforce-powered bots for Facebook Messenger, Slack, Alexa, and Chatter.
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileSalesforce Developers
Want to build mobile apps faster with the new App Cloud Mobile? In this session, learn from Salesforce mobile development experts as they show you how to build, deploy and manage mobile applications using the Mobile SDK, Heroku, Lightning Components and the Salesforce1 mobile app.
In this exclusive webinar you'll learn about
- Developing apps for iOS, Android and Hybrid Mobile environments with App Cloud Mobile
- Using Heroku as Mobile Backend as a Service (MBaaS)
- Building and Deploying Mobile Apps with Salesforce1
This document discusses using Lightning Communities to build better communities. It provides an overview of the evolution of Lightning Communities from basic templates to full platform capabilities. Lightning Community Templates offer pre-packaged solutions for use cases like customer service, partner portals, and helpdesks. The Lightning Community Builder allows customizing communities visually without coding. The document also promotes social engagement around Salesforce communities.
Want to improve the performance of your Lightning components and applications? This webinar is for you! Whether you are an experienced Lightning component developer or just starting, you’ll learn a series of best practices you can immediately implement to make your components load faster, run faster, and access data more efficiently.
This document provides an overview and agenda for a webinar on coding apps in the cloud with Force.com - Part II. The webinar will include a demo of Visualforce pages, controllers, using JavaScript in Visualforce pages, and a Q&A session. Visualforce allows developers to build dynamic HTML user interfaces for apps using custom tags and an expression language. Controllers provide the logic and data for Visualforce pages. JavaScript can be used to build engaging UIs and leverage JavaScript libraries. The demo will cover standard and custom controllers, extensions, and integrating JavaScript.
Over the past two months, we’ve announced many new resources for developers at Dreamforce and TrailheaDX India. To learn all about them, watch this video, where we'll explore live demos showcasing the latest updates for Lightning Web Components (LWC), Einstein, Heroku, and a lot more on the Customer 360 Platform.
In this session we,
- Explore key highlights from TrailheaDX India
- Show live demos of generally available features
- Explain how you can benefit from these features
The document discusses secure development practices on the Salesforce platform. It covers topics like cross-site scripting (XSS), open redirects, and cross-site request forgery (CSRF). For XSS, it describes different types (reflected, stored, DOM) and provides examples of how to properly encode output. For open redirects, it explains the risk and best practices like whitelisting URLs. For CSRF, it discusses how to prevent malicious requests by using tokens validated on the server. The document aims to help developers understand and address common vulnerabilities.
Join us to explore the Wave Platform, including APIs, data loading, packaging, and licensing. We will discuss using Wave with Force.com, including Visualforce, Lightning, Apex, REST, and more.
This document provides an overview and introduction to Apex for developers. It begins with an introduction to Apex and the Salesforce platform. It then outlines the agenda which includes an overview of the platform, writing Apex classes, accessing data using SOQL and DML, writing triggers, and additional topics like Visualforce, REST APIs, and unit testing. It encourages participants to use their developer environment and provides a link to sign up. It describes what will be built in the session which is an app to manage sessions and speakers at a conference. It includes two forward-looking statements disclaimers.
Lightning Components form the basis of the Salesforce UIs, including the newly announced Lightning Experience. But what do you do when you can?t migrate everything into Salesforce, or you want to use Salesforce in an external site and find building everything yourself daunting? With Lightning Out you can now use the components from Salesforce, our partners, and your own custom components in most any remote site. Join the team that built this technology to see what it can do for you.
In this first installment of our Secure Salesforce Development webinar series members of the Salesforce Trust team will introduce the core concepts behind developing secure applications on the Salesforce platform using Apex and Visualforce. We’ll walk through creation and development of a simple, on-platform app and examine common security vulnerabilities that developers unintentionally introduce to their applications. After discussing the danger of these vulnerabilities and demonstrating their impact we’ll go in depth into how to avoid introducing them in your code, how to review existing code and find them, and how to fix them.
This document discusses advanced topics related to Lightning Components. It begins with an agenda that covers best practices, debugging, demos, and Q&A. In the best practices section, it recommends using $A instead of "aura" when accessing APIs, avoiding method name collisions, and using the official API. It also suggests handling events efficiently and avoiding unnecessary DOM manipulation. The debugging section provides tips for using browser developer tools and enabling pause on caught exceptions. Demos and Q&A were also on the agenda.
This session will introduce Locker Service, a new feature of the Lightning Component Framework which serves to manage JavaScript security while rendering Lightning applications. Get the background on why Locker Service is necessary, what you'll need to know to implement and the advantages it offers the platform.
The document provides an overview of Salesforce and its cloud platform capabilities from a technical perspective. It discusses Salesforce's multi-tenant architecture and global data center infrastructure, how it enables massive scalability and high performance for enterprise applications. It also covers the different approaches for developing on the Salesforce platform, including declarative and programmatic development using tools like Apex, Visualforce, and the API.
As more and more applications are adopting the API-first approach, it's important to understand that building and using APIs comes with its own set of security concerns, even though it abstracts away the issues caused at the presentation layer. Join us as we dive deeper into best practices for building secure API endpoints. We'll also discuss the importance of transport security and common pitfalls in SSL configurations.
As frameworks and languages have evolved, creating a mobile app has never been easier. But can an easy mobile app be secure? Join our mobile security experts to discuss the Salesforce Mobile SDK and learn everything you need to know about hardening your mobile apps. We will discuss some common mobile vulnerabilities and mistakes, then dive deep into how the Salesforce Mobile SDK makes following our security best practices easy and painless!
Secure Salesforce: Hardened Apps with the Mobile SDKMartin Vigo
The document discusses secure development techniques for mobile apps using the Salesforce Mobile SDK. It covers topics like secure storage, authentication and authorization, session management, and protecting against untrusted inputs. The presenters demonstrate how the Mobile SDK addresses these security issues and makes it easier for developers to build secure apps that integrate with Salesforce. Additional resources on mobile and web security are provided at the end.
How safe are your Lightning Components? Join us and learn about the foundations required for a secure application built on Lightning. We'll cover common misconceptions around field-level security, CRUD, content security policy (CSP), as well as other common mistakes with Lightning. You'll walk away with all the best practices for hardening your application and keeping your data secure.
Salesforce Identity Management. Basics of authentication and authorization. SAML, OAuth 2.0, DIfferent flows in Oauth 2.o, Demo in Saklesforce for Identity and Service Provider. Fremont Trailblazer Group March 2020 Presentation.
The Salesforce platform provides an open, flexible, robust and secure integration layer to help customers integrate their enterprise applications and legacy systems with Salesforce. Join us for a discussion and demonstrations of integration scenarios using standard Salesforce APIs and new offerings, like Salesforce Canvas.
As your Salesforce implementations become more complex, working with multiple orgs becomes a standard hurdle. Connecting with the correct data, at the correct time, when you have multiple orgs can be very difficult. Join us as we explore the new Lightning Connect: Salesforce Adapter. We'll examine how Admins can connect multiple orgs together, how data can be shared between those orgs, and how you can continue to build a complete view of your customers.
The Salesforce platform offers system as well as application level security capabilities for building robust and secure applications. Join us as we introduce the system-level security features of Salesforce, like authentication and authorization mechanisms that include various Single Sign-On and OAuth flows. We'll also cover declarative application-level security features, like user profiles, roles and permissions, and how an Organization Wide Security and record-sharing model enforces a finer level of access control over the data.
Control your world using the Salesforce1 Platform (IoT)InternetCreations
This document discusses how to use the Salesforce1 platform and APIs to connect internet of things (IoT) devices and integrate sensor data into Salesforce. It provides examples of using the HTTP callout class to control Christmas lights connected to an Arduino board and using the REST API and a workflow to flash lights when a case is created. Another example demonstrates reading temperature data from a sensor using the REST API. Resources for learning more about the Salesforce REST API and integration patterns are also included.
What’s new in summer’15 release - Security & ComplianceShesh Kondi
The Summer'15 Release of Salesforce is going live during the second week of June.
Find out what's new in the Security and Compliance areas in the new release.
WebRTC(Web Real-Time Communications) is a web technology that allows users to make video/audio communications natively over the web. Join us as we explain WebRTC and show you how to use it in a demo app running on the Force.com Platform.
If you've seen the news lately, you know you need strong security protections for your online systems. Join us as we teach you that access control features like IP range restrictions, identity confirmation, and two-factor authentication are absolutely critical to the protection of your Salesforce instance. Hear from Salesforce security engineers about how these protections work, threats they mitigate, and possible drawbacks. We'll also teach you some tricks to securely using Salesforce alongside these features.
CodeScience is a Salesforce consulting firm that was founded in 2008 with 75 employees across offices in Chattanooga and San Francisco. They have built over 90 apps on the Salesforce AppExchange and provide professional services focused on the Salesforce platform. Lightning Out allows developers to render Lightning components outside of Salesforce, including in mobile apps, web pages, and other platforms. It uses OAuth for authentication and handles security through features like CORS and HTTPS. Developers can build Lightning Out applications using JavaScript frameworks in Node.js, SharePoint, and other platforms.
MuleSoft Surat Virtual Meetup#24 - MuleSoft and Salesforce Integration and De...Jitendra Bafna
This document provides an overview and agenda for a presentation on configuring and using the MuleSoft Salesforce connector for integration. It discusses prerequisites, an introduction to Salesforce basics, an overview of the Salesforce connector functionality and installation, authentication configuration options, and examples of integration use cases including data migration, broadcast patterns, and importing files from FTP to Salesforce objects. The presentation will demonstrate connector configuration, authentication, and these integration patterns.
Devendra Sawant and Shraddha Salvi presented on various topics from the Salesforce Summer '20 release. Key points included:
1. The new Split List View feature allows users to see list view data and a selected record simultaneously. Dynamic Forms allow creating sub-sections on Lightning pages with visibility rules.
2. The Salesforce Optimizer tool is now an interactive app to analyze org performance. The new In-App Guidance Builder simplifies creating prompts and guidance for users.
3. Major Flow updates include running flows after record saves, triggering flows from platform events, simplified loop elements, bypassing permissions, and passing records from Lightning pages.
4. Additional topics
Securing ap is oauth and fine grained access controlAaronLieberman5
API security is always a major consideration, but most API developers feel like they are not equipped with the skills necessary to properly secure an API.
In this presentation, we will talk about how some common API gateway security mechanisms can work effectively to secure a MuleSoft API. We will start with key concepts of API security such as zero trust, OAuth 2.0, and access control. Then, we will demonstrate a secure method to protect your APIs using OAuth 2.0 and token introspection to achieve access control on a MuleSoft API. The solution will demonstrate how to use the combination of MuleSoft security policies and a powerful identity provider in PingFederate by Ping Identity to achieve API security on MuleSoft APIs.
No API security session is complete without discussing different methods of API security and lessons learned from working through the demo so we will close with discussing various options that can be used to achieve similar results for API security and what the benefits or downfalls are of each option.
Build Consumer-Facing Apps with Heroku ConnectJeff Douglas
This document discusses Heroku Connect, a service that provides bi-directional data sync between Salesforce and Heroku Postgres. It allows developers to more easily build customer-facing apps by leveraging familiar tools like Postgres and standard workflows while keeping data secure in Salesforce. Heroku Connect works by synchronizing data for standard or custom objects using timestamps to detect changes and implementing a "last writer wins" approach. It automatically maps objects and tables during setup. Best practices include updating mappings for deleted fields and being careful of validation rules or required fields on insert.
This document provides an overview of an academy that will teach attendees how to secure an existing unsecured web application that processes online purchases. The academy will cover applying authentication, authorization, securing connectivity, and encrypting credit card data. The scenario involves securing an e-commerce application called Things-R-Us that is currently non-secure and integrates various systems. The agenda includes securing the application, connectivity, and encrypting specific data elements.
Similar to Secure Development on the Salesforce Platform - Part 3 (20)
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
14 th Edition of International conference on computer visionShulagnaSarkar2
About the event
14th Edition of International conference on computer vision
Computer conferences organized by ScienceFather group. ScienceFather takes the privilege to invite speakers participants students delegates and exhibitors from across the globe to its International Conference on computer conferences to be held in the Various Beautiful cites of the world. computer conferences are a discussion of common Inventions-related issues and additionally trade information share proof thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications such as in Science medicine electronics biomaterials energy production and consumer products.
Nomination are Open!! Don't Miss it
Visit: computer.scifat.com
Award Nomination: https://x-i.me/ishnom
Conference Submission: https://x-i.me/anicon
For Enquiry: Computer@scifat.com
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Drona Infotech is a premier mobile app development company in Noida, providing cutting-edge solutions for businesses.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
3. Forward-Looking Statement
Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve
risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of
salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other
than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth,
earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of
belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for
our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate
of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with
completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability
to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our
limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential
factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year
and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are
available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and
may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are
currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
4. Agenda
• Overview
- Integrating your external applications securely with Salesforce
• Leveraging JavaScript Remoting with Visualforce
- Extend Salesforce functionality with external app intergrations
- Map user identities to the external systems
- Grant access to Salesforce data without breaking security model
• Using Remote Objects with Angular.js
- Secrets in named credentials
- Secrets in custom settings
- Proper usage of secrets
5. Building Salesforce Integrations
• Extend Salesforce funcationality with external app integrations.
• Building data flows and interactions between your external app
and Salesforce.
• Need a way to map Salesforce user identity to your external
system.
• Need a way to authenticate and secure data flows between the
two systems.
• Need a way to grant access to Salesforce data without breaking
the Salesforce security model or trust in the Salesforce platform.
6. Integration Methods – Apex Callouts
• Use Apex code to access external REST API’s
• Can be used to send data out or pull data to/from an
external service
• Actions must be initiated by a user action from within
Salesforce
• Partners fail security review here*
Salesforce
Internet
Web service
7. Integration Methods – API/OAuth
• Salesforce has several API’s for developers
• To use these API’s authentica via
- SOAP API username/password login
- OAUTH authentication flow
• Delegated authentication
- Forward username and password ( sent over internet* )
• Federated Authentication using SAML (Single sign on*)
Salesforce Web service
REST
SOA
P
8. Integration Methods – API - OAuth
• Salesforce has several API’s for developers
• External services can authenticate with Salesforce via OAuth and
receive access tokens
• Tokens must be treated with same sensitivity as a password
• Utilize public-facing API’s to share data with Salesforce instances
• Developers can expose custom Apex REST endpoints
• Outbound messaging
SOAP
RES
T
9. Integration Methods
Connected App
• Runs on the Salesforce app canvas.
• Does not have access to the Salesforce app DOM at any time.
• Authenticate via OAuth or SAML using Salesforce credentials.
• Easy way to integrate an external application into the Salesforce
“skin”.
• The OAuth scope for the connected app determines the
amount of access this app would have to your Salesforce data.
• Make sure to provide least privilege to the OAuth token being
created.
10. Integration User or End User
Integration User
• Creating an integration user to make callouts from the external
app into Salesforce.
• Lets you create a least privilege integration user to perform
certain operations required by the app.
• You don’t have to provide API access to all users.
• Only on credential to manage on the external system.
• You have to make sure that the Salesforce security model is not
broken when the external system accesses Salesforce data.
11. Integration User or End User
End User
• Lets your external app make requests as current logged in user
with the specified OAuth scope.
• Lets the user select if they want to allow or access or not.
• Preserves the Salesforce security model in your external
requests without any additional measures.
• The external app needs to make sure all end user OAuth
credentials are stored secureon the external system.
12. Setting Up A Connected App
Go to Setup > Create > Apps > New Connected App
14. Advantages of Connected Apps
• No need for custom authentication logic.
• Least privilege access control based on the external app
use case.
• Easy to revoke access for misbehaving apps.
• Out of box functionality for standard Auth protocols.
• Can provide access without sharing Salesforce username
password with the external app.
15. Credential Handling
• External app credentials (consumer key/secret) should be
stored securely off the Salesforce platform.
• Salesforce OAuth tokens should be stored securely off the
platform using the industry best practice for your
development platform.
• API tokens for the external app should be stored via
Protected custom settings inside Salesforce.
• All credentials should be secure in transit by using HTTPS
(TLS) for all communications.
16. Transport Security
Security Expectations of HTTP
• None.
• Anyone on the network can eavesdrop traffic.
• Anyone on the network can modify content.
• Anyone on the network can divert traffic.
17. Transport Security – What is TLS?
• A user visiting a site over HTTP has no assurance that the
user is interacting with the legitimate site.
• The Transport Layer Security protocol allows for
secure communication between applications and
users.
• Uses PKI (Public Key Infrastructure) to have a Trusted
Certificate Authority (CA) vouch for the server’s identity.
• Prevents tampering, eavesdropping, and man-in-the-
middle attacks against secure communications. Provides
authentication and confidentiality.
18. Mutual TLS
• Salesforce supports Mutual TLS for communications
between Salesforce and your external server.
• This allows you to do a two-way verification, where the
client and server can confirm one another’s identity.
• Good for server to server authentication, where the client
is not prompting a user to log in manually.
20. Salesforce Mutual TLS
• Client certificates are uploaded and stored in the
Salesforce database, where they are used for
verification.
• You can also download the Salesforce client certificate to
authenticate on your web server, when making Apex
callouts, etc.
• Salesforce provides a mechanism to prevent falling back
to the standard TLS port.
21. Setting Up Mutual TLS
• Have mutual TLS enabled for your organization.
• Generate Certificate Signing Request (CSR) and
acquire a certificate form a Trusted CA.
22. Salesforce Mutual TLS
• Upload the certificate to Security Controls | Certificate
and Key Management.
• Enable “Enforce SSL/TLS Mutual Authentication”
permission for the API client user. This will force mutual
TLS on port 8443 for this user.
• This user permission can be added via a PermSet or by
adding the permission to the user profile.
• Configure the API client to connect on port 8443 and
present the client certificate.
24. Why Use Mutual TLS?
• This seems like a lot of work! Why should I do this?
• Provides you a good way to authenticate both parties
(Salesforce and external app) when building external
integrations.
• You don’t just have to rely on IP range restrictions and
static API keys for client authentication.
• Out of the box mutual TLS implementation provides
authentication and confidentiality.
26. Primary Topic Today: Secrets
• We will be covering developer-oriented topics on secret
storage for the Salesforce Platform.
• Specific features to cover include:
– Secrets in named credentials
– Secrets in custom settings
– Proper secret usage
– Protected Custom Metadata Types ???????????
• Useful for anyone in the following areas:
– Salesforce Developers (primarily)
– Salesforce Administrators
– Prospective Partners
27. What is a secret?
• Simple Definition: A piece of data that requires higher than
normal protection.
• For Our Purposes: A secret will be a piece of data that
nobody should see, like a password or encryption key.
28. Who do we secure secrets from?
• Attackers
• Regular Users
• Partners
• Administrators (Biggest Challenge)
• Basically, everyone… Why?
• Theft of data
• Impersonation
• Privilege Escalation
30. Named Credentials Overview
Named crewdentials are a feature for secret storage built into
the Salesforce platform.
• Available in the “Security” setup menu
• Point & click creation
• No Code required to store secret
31. Named Credentials - Usage
• Create a new named credential
• Add the URL + secret to the named credential
• Invoke the named credential in the httpRequest
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:NamedCredential');
req.setMethod('GET');
Http http = new Http();
HTTPResponse res = http.send(req);
return res.getBody();
32. Pros
• Easy to create.
• Easy to invoke.
• Secret is not visible in the UI
and code to anyone.
• Secret is not leaked in the
debug logs.
Cons
• Only works for httpRequests
and certain authentication
schemes like OAuth 2.0.
• URL can be updated in the
setup, potentially leaking
secret. ???
Named Credentials - Breakdown
34. Custom Settings Overview
Custom settings are stripped down sObjects exposed to the
application cache, enabling efficient access for developers.
Protected versus Public: What is the difference?
Protected Custom Settings can only be accessed from the namespace
they exist in.
• In a managed package, the namespace is that of the package.
• In an unmanaged package, the namespace is the local namespace (so
no effect).
What does this mean?
• Managed protected Custom Settings – Extra Security Benefits
• Managed Public/ Local Public/ Local Protected – No security benefits,
worse for secrets than sObjects.
35. Managed Protected Custom Settings –
Storage Method
1. Create a managed package.
2. Create a protected custom setting inside the package.
3. Create a Visualforce page inside the package to
create/update the secret.
- Transient string (in controller), should not return secret to the view state.
4. Access and use the secret inside the managed package.
37. Pros
• Secret only available to Apex
code within managed
package namespace.
• Can store encryption key to
scale.
Cons
• Requires a managed
package!
• Methods must be well-coded
to prevent secret exposure.
Managed Protected Custom Setting - Breakdown
41. Overview
Using Managed Protected Custom Settings Properly
Secret storage solutions with managed protected custom settings
are developed in Apex and Visualforce, and because of this there
are some best practices that must be followed:
• Properly encapsulating secret usage in the managed package
• Properly handling secret dependencies
• Avoiding secret reflection
42. Properly Encapsulating Secret Usage
What is encapsulation? Keeping functionality inside the managed
package.
Why encapsulate? Namespace benefits on work INSIDE the
managed package. Anything leaving the package loses benefits.
Things to consider for encapsulation:
• User interaction - Visualforce page/component inside the managed
package.
• Using the secret – Code must be contained within the managed
package.
• Invoking secret usage - Done with a global method, secret never
returned outside of the managed package.
44. Properly Handling Secret Dependencies
What are secret dependencies? If a secret is tied to another
piece of information, a dependency is created.
Examples:
• Passwords can be dependent on URLs.
• Encryption keys can be dependent on Salts.
Secret dependency best practices:
• Secrets and dependencies are controlled from the same place
• If dependent is updated, secret should be updated. This prevents the
attacker from gaining additional information.
• Example: If a URL is updated, password should change too!
45. Avoiding Secret Reflection
What is secret reflection?
Developers often mistakenly allow a secret to be reflected from the
controller (Apex) to the view (Visualforce). Since the view is client
side, the risk of secret exposure increases dramatically!
Secret reflection Best Practices
• Beware hidden inputs – hidden inputs often show secret in clear within
source.
• Use transient keyword – transient keyword prevents secret from being
stored in the Visualforce viewstate.
47. Recap
1. Named Credentials
• Pro – Simple. No secret refelcted in UI or debug logs.
• Con – URL can be changed and secret leaked, only works with httpRequests.
- Works well with: Passwords and OAuth tokens that don’t come with admin
privileges.
2. Managed Protected Custom Setting (Secret Storage Best Practice)
• Pro – Most secure option. Protects against users with elevated permissions such
as Modify all Data.
• Con – Requires a managed package. Requires careful attention to code (see
below).
- Works well with: Passwords, OAuth tokens, Encryption keys.
3. Using Managed Protected Custom Settings Properly
• Properly encapsulating secret usage in the managed package.
• Properly handling secret dependencies (update password when updating URL).
• Avoiding secret reflection (beware hidden inputs use transient keyword).