Can I pass security review by fixing issues in the Salesforce part while having a documented plan to fix an external web application?
Answer
Yes, you may pass the Salesforce security review if you fix all identified Salesforce-related issues and provide a clear, documented plan for addressing vulnerabilities in the external web application. However, keep in mind that all components of your solution, including external endpoints, are subject to review. Ensure your solution complies with Salesforce security guidelines.
Recommended Answer Update
Yes, you may pass the Salesforce security review if you fix all identified Salesforce-related issues and provide a clear, documented plan for addressing vulnerabilities in the external web application. However, keep in mind that all components of your solution, including external endpoints, are subject to review. Ensure your solution complies with Salesforce security guidelines.
Reasoning
The FAQ is well-structured and accurate. No content appears outdated based on available security rules. The answer appropriately covers the core question about passing security review with fixed Salesforce issues and documented plans for external applications. The response maintains proper emphasis on compliance requirements while being clear and actionable. I selected the ApexInsecureEndpoint rule because this FAQ discusses external web applications and endpoints, which directly relates to the rule's purpose of identifying insecure endpoint usage. The FAQ mentions 'external endpoints are subject to review', which aligns with this rule's focus on endpoint security in Apex code that communicates with external systems.