FAQ-000857 - External Platform Security / External Web Applications and SaaS

Current Status: VALID_RESPONSE

Current FAQ

Question
How can I address security issues in external web applications that are integrated with but not directly part of my Salesforce package?
Answer
To address security issues in external web applications integrated with a Salesforce package, follow these best practices:

1. **Testing and Scanning**: Perform thorough security testing, including manual and automated scans, on all external endpoints. Use tools like PMD and Salesforce Code Analyzer (SFCA) to identify vulnerabilities.
2. **Secure Data Storage**: Store sensitive data (e.g., API keys) in protected custom metadata or settings, avoiding public custom settings.
3. **Access Control**: Enforce CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks for all DML operations.
4. **Session Management**: Handle session IDs and tokens securely, and avoid exposing session information unnecessarily.
5. **Third-Party Libraries**: Use secure, up-to-date libraries stored in static resources. Replace outdated or vulnerable libraries.
6. **XSS Prevention**: Escape all tainted inputs and outputs using context-based escaping techniques recommended by OWASP.
7. **CSRF Protection**: Implement CSRF tokens and user interaction mechanisms to validate user-initiated actions.
8. **Secure Integration**: Configure external URLs and credentials securely using named credentials and custom settings. Avoid hardcoding sensitive information.
9. **Documentation**: Document false positives and provide detailed explanations for flagged issues that are not vulnerabilities.
10. **Regular Updates**: Keep external applications and libraries updated to address known vulnerabilities.

By following these steps, you can effectively mitigate security risks in external web applications integrated with Salesforce packages.
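As an added example (not part of this FAQ or of any Salesforce package), the Apex below puts the hardcoded-credential pattern that the AvoidHardcodedCredentials* rules flag next to the named-credential callout recommended in point 8, and shows the output escaping from point 6 applied to data returned by the external application. The Named Credential name `Partner_API`, the endpoint paths, the `name` JSON field and the class/method names are assumptions made for illustration; the key string is a placeholder, not a real secret.

```apex
// Added example: secure integration with an external web application.
// 'Partner_API' is an assumed Named Credential; paths are illustrative.
public with sharing class PartnerCalloutExample {

    // BEFORE: the secret lives in source and ships with the package, and the
    // endpoint host is fixed in code. This is the shape that
    // AvoidHardcodedCredentialsInVarDecls / ...InHttpHeader report.
    public static HttpResponse fetchInsecure(String recordId) {
        String apiKey = 'sk_live_PLACEHOLDER_DO_NOT_USE'; // placeholder value
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/records/' + recordId);
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + apiKey);
        return new Http().send(req);
    }

    // AFTER: the platform injects the credential from the Named Credential at
    // callout time. Apex never handles the secret, and the host plus auth
    // settings are administered in Setup rather than in code (point 8).
    public static HttpResponse fetchSecure(String recordId) {
        HttpRequest req = new HttpRequest();
        // URL-encode the caller-supplied segment so it cannot rewrite the
        // path or append query parameters.
        req.setEndpoint('callout:Partner_API/v1/records/'
            + EncodingUtil.urlEncode(recordId, 'UTF-8'));
        req.setMethod('GET');
        req.setTimeout(10000); // milliseconds; fail fast on an unresponsive partner
        return new Http().send(req);
    }

    // Data coming back from the external application is tainted (point 6).
    // Escape it for the context it will be rendered in; here an HTML text
    // node, so escapeHtml4() is the right OWASP-style escaper.
    public static String renderNameAsHtml(HttpResponse res) {
        Map<String, Object> body =
            (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
        String name = (String) body.get('name');
        return name == null ? '' : name.escapeHtml4();
    }
}
```

Note that escaping is context-specific: a value placed into a JavaScript string or a URL needs `escapeEcmaScript()` or `EncodingUtil.urlEncode()` respectively, not HTML escaping, which is the distinction ApexXSSFromEscapeFalse and ApexXSSFromURLParam are checking for.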

AI Recommended Enhancement

Related Security Rules

- ApexCRUDViolation
- ApexCSRF
- ApexXSSFromEscapeFalse
- ApexXSSFromURLParam
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInHttpHeader
- LibraryWithKnownCriticalSeverityVulnerability
- LibraryWithKnownHighSeverityVulnerability
- LibraryWithKnownMediumSeverityVulnerability
- LibraryWithKnownLowSeverityVulnerability
- VfCsrf
Question
How can I address security issues in external web applications that are integrated with but not directly part of my Salesforce package?
Recommended Answer Update
To address security issues in external web applications integrated with a Salesforce package, follow these best practices:

1. **Testing and Scanning**: Perform thorough security testing, including manual and automated scans, on all external endpoints. Use tools like PMD and Salesforce Code Analyzer (SFCA) to identify vulnerabilities.
2. **Secure Data Storage**: Store sensitive data (e.g., API keys) in protected custom metadata or settings, avoiding public custom settings.
3. **Access Control**: Enforce CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks for all DML operations. Use `WITH USER_MODE` for SOQL queries or `AccessLevel.USER_MODE` for Database methods as the preferred approach, as these automatically enforce permissions while requiring less code.
4. **Session Management**: Handle session IDs and tokens securely, and avoid exposing session information unnecessarily.
5. **Third-Party Libraries**: Use secure, up-to-date libraries stored in static resources. Replace outdated or vulnerable libraries.
6. **XSS Prevention**: Escape all tainted inputs and outputs using context-based escaping techniques recommended by OWASP.
7. **CSRF Protection**: Implement CSRF tokens and user interaction mechanisms to validate user-initiated actions.
8. **Secure Integration**: Configure external URLs and credentials securely using named credentials and custom settings. Avoid hardcoding sensitive information.
9. **Documentation**: Document false positives and provide detailed explanations for flagged issues that are not vulnerabilities.
10. **Regular Updates**: Keep external applications and libraries updated to address known vulnerabilities.

By following these steps, you can effectively mitigate security risks in external web applications integrated with Salesforce packages.
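The following Apex is an added example, not the FAQ's own code or any package's, showing point 3 applied to one read-and-update flow on the standard Contact object: first with `WITH USER_MODE` and `as user` DML, then with `AccessLevel.USER_MODE` on the Database methods for dynamic SOQL, then with the explicit describe checks that ApexCRUDViolation expects when user mode is not used, and finally the strip-instead-of-fail variant for bulk data arriving from an external application. Class and method names are assumptions; the object and field are standard.

```apex
// Added example: CRUD/FLS enforcement written four ways on Contact.Phone.
public with sharing class ContactAccessExample {

    // 1. Preferred: user mode. Both the query and the DML run with the
    //    running user's object and field permissions. A missing permission
    //    surfaces as QueryException (SOQL) or DmlException (DML) instead of
    //    silently bypassing FLS, and no describe calls are needed.
    public static void updatePhoneUserMode(Id contactId, String newPhone) {
        Contact c = [SELECT Id, Phone FROM Contact
                     WHERE Id = :contactId WITH USER_MODE];
        c.Phone = newPhone;
        update as user c;
    }

    // 2. Same guarantee for dynamic SOQL and Database methods. queryWithBinds
    //    keeps the bind map explicit so the query string never carries
    //    caller-controlled text.
    public static void updatePhoneDatabaseMethods(Id contactId, String newPhone) {
        String soql = 'SELECT Id, Phone FROM Contact WHERE Id = :cid';
        Map<String, Object> binds = new Map<String, Object>{ 'cid' => contactId };
        List<Contact> rows = Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
        if (rows.isEmpty()) { return; }
        rows[0].Phone = newPhone;
        Database.update(rows, AccessLevel.USER_MODE);
    }

    // 3. Legacy pattern: explicit CRUD and FLS checks before the query and
    //    before the DML. This is what ApexCRUDViolation looks for when user
    //    mode is absent. It is more code, and forgetting one field is easy,
    //    which is why the answer prefers user mode.
    public static void updatePhoneManualChecks(Id contactId, String newPhone) {
        if (!Schema.sObjectType.Contact.isAccessible()
            || !Schema.sObjectType.Contact.fields.Phone.isAccessible()) {
            throw new System.NoAccessException();
        }
        Contact c = [SELECT Id, Phone FROM Contact WHERE Id = :contactId];
        if (!Schema.sObjectType.Contact.isUpdateable()
            || !Schema.sObjectType.Contact.fields.Phone.isUpdateable()) {
            throw new System.NoAccessException();
        }
        c.Phone = newPhone;
        update c;
    }

    // 4. Bulk records pushed in from an external application: instead of
    //    failing the whole batch, strip the fields the user may not update
    //    and apply the rest. Callers can inspect decision.getRemovedFields()
    //    to log what was dropped.
    public static List<Contact> updatePhonesStripping(List<Contact> incoming) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, incoming);
        List<Contact> allowed = (List<Contact>) decision.getRecords();
        update as user allowed;
        return allowed;
    }
}
```

In a security review, variant 1 or 2 is what you want to show for every DML path reachable from an external endpoint; variant 3 remains acceptable but must cover every field in the statement, and variant 4 is appropriate only where silently dropping fields is the intended behaviour.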
Reasoning
The FAQ content is generally accurate and comprehensive but needs one important update to align with modern security guidelines. The main change is to point #3 (Access Control), where I added guidance to prioritize modern features like `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods as the preferred approach, while preserving the existing guidance about CRUD and FLS checks.

Regarding the security rules selected:

- ApexCRUDViolation: Directly relates to point #3 about enforcing CRUD checks for DML operations
- ApexCSRF: Directly relates to point #7 about CSRF protection and implementing CSRF tokens
- ApexXSSFromEscapeFalse and ApexXSSFromURLParam: Both relate to point #6 about XSS prevention and escaping tainted inputs/outputs
- ApexSuggestUsingNamedCred: Relates to point #8 about using named credentials for secure integration
- AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInHttpHeader: All relate to points #2 and #8 about avoiding hardcoded sensitive information and storing credentials securely
- LibraryWithKnown*SeverityVulnerability rules (Critical, High, Medium, Low): All relate to points #5 and #10 about using secure, up-to-date libraries and replacing vulnerable ones
- VfCsrf: Relates to point #7 about CSRF protection in web applications

These rules directly correspond to the security practices discussed in the FAQ answer and would flag violations of the recommended approaches.