Security is paramount to any new product and if the levels are not sufficient, they will not pass Salesforce’s stringent checks. But what can you do to ensure you achieve these levels?

Continuing with our scenario where we have now developed a very good robust ISV app that can cater for almost any client of any size. We need to check if we have considered the security issues not just for us but our customers, if one of them is attacked through a security hole you will likely lose that valuable customer, have your reputation seriously damaged, or lose other customers as a result of word-of-mouth.

We did highlight 1 security issue in our code improvements earlier, a dynamic SOQL was not being checked for SOQL injection which could allow an attacker to change your customers data and even delete it. This is not the only possible issue and there are many security pot holes that you must fill to pass the Salesforce security checks before your app can feature on the App Exchange marketplace. Although it is wise to protect code developed solely to work in 1 production system there is no prevention by Salesforce stopping you deploying code with dynamic SOQL’s to your production instance.

To find out more about the challenges and the potential Pot Holes have a read of this article or contact us to find out how we would approach different challenges. Or if you want to find out how we can help email Steven.Fouracre@metacube.com