FAQ-000739 - Data Storage and Encryption Security / Vulnerability Identification and Remediation

To address these vulnerabilities: ### Insecure Storage of Sensitive Data - Store sensitive data like secrets in **protected custom metadata** or **protected custom settings** to ensure it's not publicly accessible. - Encrypt sensitive data using **AES-256 or higher** encryption standards. - Avoid writing sensitive data to debug logs. - Use Named Credentials for storing authentication details securely. - Refer to Salesforce's secure storage practices for detailed guidance. ### Sensitive Information in URL - Evaluate if the information in the URL is truly sensitive. If not, document it as a **false positive** with justification. - For sensitive information: - Avoid including it in the URL. - Use secure methods like passing the data in the **request body** or **headers**. - Store sensitive data securely in protected custom settings or metadata, ensuring access is restricted to authorized users.

The FAQ content is generally accurate but needs minor updates to align with current security standards. The main change is updating the encryption recommendation from 'AES-128 or higher' to 'AES-256 or higher' to reflect stronger current security practices, though AES-128 remains acceptable. I also added a recommendation for Named Credentials, which is a Salesforce-specific best practice for secure credential storage. The selected security rules directly relate to the FAQ content: ApexBadCrypto relates to the encryption guidance provided, ProtectSensitiveData covers the overall sensitive data protection theme, the hardcoded credentials rules (AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign) relate to the guidance about storing secrets securely rather than hardcoding them, and ApexSuggestUsingNamedCred relates to the secure storage recommendations for authentication credentials mentioned in the FAQ.