FAQ-000852 - External Platform Security / External System Responsibility and Control


Current FAQ

Question
How can I address security issues in external systems that support my Salesforce app?
Answer
To address security issues in external systems that support your Salesforce app, follow these steps:

1. **Security Testing**: Perform thorough security testing on all external endpoints interacting with your app. Obtain permissions from third-party owners before running tests like Chimera or ZAP scans.
2. **Protect Sensitive Data**: Store sensitive information (e.g., API keys, OAuth secrets) in protected custom settings or metadata. Avoid exposing sensitive data in URLs or the user interface.
3. **Enforce CRUD/FLS Checks**: Implement proper CRUD/FLS checks for all DML operations to prevent unauthorized access. Use "user mode" and permission sets for protected custom settings.
4. **Secure Communication**: Use HTTPS for all callback URLs and external integrations. Avoid transmitting sensitive data outside Salesforce unless necessary.
5. **Follow Secure Coding Practices**: Escape tainted inputs to prevent vulnerabilities like XSS. Use resources like the Salesforce Secure Coding Guide and OWASP recommendations.
6. **Document False Positives**: Address and document any false-positive security violations, providing justifications for exemptions during the security review process.
7. **Automated Security Scans**: Regularly run automated security scanning tools throughout development to proactively identify and fix vulnerabilities.

By following these practices, you can effectively mitigate security risks in external systems supporting your Salesforce app.

AI Recommended Enhancement

Related Security Rules

- ApexCRUDViolation
- ApexSharingViolations
- ApexInsecureEndpoint
- ApexSuggestUsingNamedCred
- ApexXSSFromURLParam
- ApexXSSFromEscapeFalse
- ProtectSensitiveData
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInHttpHeader
- UseHttpsCallbackUrlConnectedApp
- AvoidInsecureHttpRemoteSiteSetting
Question
How can I address security issues in external systems that support my Salesforce app?
Recommended Answer Update
To address security issues in external systems that support your Salesforce app, follow these steps:

1. **Security Testing**: Perform thorough security testing on all external endpoints interacting with your app. Obtain permissions from third-party owners before running tests like Chimera or ZAP scans.
2. **Protect Sensitive Data**: Store sensitive information (e.g., API keys, OAuth secrets) in protected custom settings, named credentials, or metadata. Avoid exposing sensitive data in URLs or the user interface.
3. **Enforce CRUD/FLS Checks**: Implement proper CRUD/FLS checks for all DML operations to prevent unauthorized access. Use `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods, along with permission sets for protected custom settings.
4. **Secure Communication**: Use HTTPS for all callback URLs and external integrations. Avoid transmitting sensitive data outside Salesforce unless necessary.
5. **Follow Secure Coding Practices**: Escape tainted inputs to prevent vulnerabilities like XSS. Use resources like the Salesforce Secure Coding Guide and OWASP recommendations.
6. **Document False Positives**: Address and document any false-positive security violations, providing justifications for exemptions during the security review process.
7. **Automated Security Scans**: Regularly run automated security scanning tools throughout development to proactively identify and fix vulnerabilities.

By following these practices, you can effectively mitigate security risks in external systems supporting your Salesforce app.
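The following Apex class is an added example, not part of this FAQ or of any Salesforce-supplied code, showing how steps 2 to 5 of both the current and the recommended answer look in code: a callout through a Named Credential (no secret in Apex), SOQL and DML in user mode, and escaping of tainted input before rendering. The Named Credential name `Partner_API`, the field `External_Id__c` and the class name are assumed placeholders.

```apex
// Added example: applies steps 2-5 of the answer in one Apex service.
// "Partner_API" and "External_Id__c" are assumed placeholder names.
public with sharing class PartnerSyncService {

    // Steps 2 and 4: the API key or OAuth secret lives in the Named Credential,
    // never in a field, variable or HTTP header in this class, and the
    // Named Credential's URL is configured as HTTPS.
    public static String fetchPartnerPayload(String resourceId) {
        HttpRequest req = new HttpRequest();
        // "callout:<NamedCredential>/<path>" makes the platform inject the
        // stored credential; the secret is not visible to Apex or debug logs.
        req.setEndpoint('callout:Partner_API/items/'
                        + EncodingUtil.urlEncode(resourceId, 'UTF-8'));
        req.setMethod('GET');
        req.setTimeout(10000);
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            throw new CalloutException('Partner API returned ' + res.getStatusCode());
        }
        return res.getBody();
    }

    // Step 3: SOQL in user mode enforces the running user's object, field and
    // sharing permissions; a field the user cannot read throws instead of leaking.
    public static List<Account> findAccounts(String externalId) {
        return [SELECT Id, Name
                FROM Account
                WHERE External_Id__c = :externalId
                WITH USER_MODE];
    }

    // Step 3: DML in user mode, so a user lacking Create access on Account
    // (or edit access on a field being set) gets a DmlException rather
    // than a silent write made with system privileges.
    public static Database.SaveResult createAccount(String name, String externalId) {
        Account a = new Account(Name = name, External_Id__c = externalId);
        return Database.insert(a, AccessLevel.USER_MODE);
    }

    // Step 5: values that came from outside (a URL parameter, the partner
    // payload) are escaped before they reach markup, so embedded HTML or
    // script in the data is rendered as text rather than executed.
    public static String renderName(String taintedName) {
        return taintedName == null ? '' : taintedName.escapeHtml4();
    }
}
```

Wrapping the DML in `AccessLevel.USER_MODE` is what turns an ApexCRUDViolation finding from the rule list above into enforced behaviour, rather than a check that has to be hand-written for every field.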
Reasoning
The FAQ content is generally accurate and comprehensive. I made two key improvements:

1. Enhanced the sensitive data protection guidance by adding 'named credentials' as the preferred modern approach for storing credentials like API keys and OAuth secrets.
2. Updated the CRUD/FLS enforcement guidance to lead with modern approaches like `WITH USER_MODE` and `AccessLevel.USER_MODE` while keeping the existing reference to permission sets.

These changes align with current Salesforce security best practices while preserving all existing information.

Security rules selected:

- ApexCRUDViolation: Directly relates to point 3 about implementing CRUD/FLS checks for DML operations
- ApexSharingViolations: Connects to point 3's discussion of proper access controls and permission enforcement
- ApexInsecureEndpoint: Relates to point 4 about using HTTPS for external integrations and secure communication
- ApexSuggestUsingNamedCred: Directly supports the enhanced point 2 recommendation to use named credentials for storing sensitive information like API keys
- ApexXSSFromURLParam and ApexXSSFromEscapeFalse: Both relate to point 5's guidance on escaping tainted inputs to prevent XSS vulnerabilities
- ProtectSensitiveData: Directly applies to point 2 about protecting sensitive information and avoiding exposure in URLs/UI
- AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInHttpHeader: All relate to point 2's guidance on properly storing sensitive information like API keys and OAuth secrets
- UseHttpsCallbackUrlConnectedApp: Specifically relates to point 4's requirement for HTTPS callback URLs
- AvoidInsecureHttpRemoteSiteSetting: Supports point 4's guidance on secure HTTPS communication for external integrations