FAQ-000872 - External Platform Security / Security Design and Architecture

Current Status: VALID_RESPONSE

Current FAQ

Question
How can I implement secure external service integration without major architectural changes?
Answer
To implement secure external service integration without major architectural changes for the AppExchange Security Review, follow these steps:

1. **Control Over External Endpoints**
   - Ensure the external service is under your control or has explicit consent from the endpoint owner to comply with Salesforce's Main Services Agreement (MSA).
2. **Secure Session Handling**
   - Mark all session IDs as SECURE.
   - Avoid sharing user session IDs with third-party websites for authentication.
3. **Secure Communication Protocols**
   - Use TLS v1.2 or higher for all communications.
   - Avoid weak ciphers or outdated protocols.
4. **CORS Configuration**
   - Avoid wildcarded CORS or cross-domain.xml files for non-public endpoints.
   - Use a separate content domain if a general relay is required.
5. **Data Storage and Handling**
   - Store sensitive data securely in protected custom metadata or protected metadata settings.
6. **Testing and Validation**
   - Conduct thorough testing, including OWASP Top 10 vulnerability checks, on a staging environment that mirrors production.
   - Ensure SSL configurations meet requirements and address findings from security scans.

These steps will help you meet security requirements while minimizing architectural changes.

AI Recommended Enhancement

Related Security Rules
- ApexInsecureEndpoint
- ApexSuggestUsingNamedCred
- AvoidInsecureHttpRemoteSiteSetting
- AvoidDisableProtocolSecurityRemoteSiteSetting
- AvoidHardcodedCredentialsInHttpHeader
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
Question
How can I implement secure external service integration without major architectural changes?
Recommended Answer Update
To implement secure external service integration without major architectural changes for the AppExchange Security Review, follow these steps:

1. **Control Over External Endpoints**
   - Ensure the external service is under your control or has explicit consent from the endpoint owner to comply with Salesforce's Main Services Agreement (MSA).
2. **Secure Session Handling**
   - Mark all session IDs as SECURE.
   - Avoid sharing user session IDs with third-party websites for authentication.
3. **Secure Communication Protocols**
   - Use HTTPS with TLS v1.2 or higher for all communications.
   - Avoid weak ciphers or outdated protocols.
4. **CORS Configuration**
   - Avoid wildcarded CORS or cross-domain.xml files for non-public endpoints.
   - Use a separate content domain if a general relay is required.
5. **Data Storage and Handling**
   - Store sensitive data securely in protected custom metadata or protected custom settings.
   - Use Named Credentials to manage authentication securely instead of hardcoding credentials.
6. **Testing and Validation**
   - Conduct thorough testing, including OWASP Top 10 vulnerability checks, on a staging environment that mirrors production.
   - Ensure SSL configurations meet requirements and address findings from security scans.

These steps will help you meet security requirements while minimizing architectural changes.
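The following Apex class is an added illustration of steps 3 and 5 above; it is not code from the FAQ or from Salesforce. It places the pattern the hardcoded-credential and insecure-endpoint rules flag next to the Named Credential form the recommended answer asks for. The Named Credential name `ExampleService`, the custom setting `Integration_Config__c` with its `Tenant_Id__c` field, and the endpoint path are assumptions made for the example.

```apex
// Added example (not from the FAQ): a plain-HTTP callout carrying a hardcoded token
// beside the Named Credential version that the AppExchange review expects.
public with sharing class ExternalServiceClient {

    public class ExternalServiceException extends Exception {}

    // BEFORE: flagged by ApexInsecureEndpoint (http://) and
    // AvoidHardcodedCredentialsInHttpHeader (secret literal in source).
    // Kept here only to show what the scanner rules look for.
    public static HttpResponse insecureCallout() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('http://api.example.com/v1/records');            // plain HTTP
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer HARDCODED-TOKEN-PLACEHOLDER'); // secret in code
        return new Http().send(req);
    }

    // AFTER: the Named Credential "ExampleService" (assumed name) stores the HTTPS URL
    // and the authentication; the platform injects the Authorization header, so no
    // secret and no session ID ever appears in Apex.
    public static HttpResponse securedCallout() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:ExampleService/v1/records');
        req.setMethod('GET');
        req.setTimeout(30000);

        // Non-secret configuration still needed per org comes from a protected
        // custom setting (assumed object Integration_Config__c, field Tenant_Id__c),
        // not from a hardcoded literal; protected settings are hidden from
        // subscriber orgs once the package is managed.
        Integration_Config__c cfg = Integration_Config__c.getOrgDefaults();
        if (cfg != null && String.isNotBlank(cfg.Tenant_Id__c)) {
            req.setHeader('X-Tenant-Id', cfg.Tenant_Id__c);
        }

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() < 200 || res.getStatusCode() >= 300) {
            // Surface the failure without echoing response bodies into logs,
            // which could contain data the external service considers sensitive.
            throw new ExternalServiceException(
                'External service returned HTTP ' + res.getStatusCode());
        }
        return res;
    }
}
```

In the hardened version the TLS requirement is enforced by configuring the Named Credential with an `https://` URL, so a scanner such as ApexSuggestUsingNamedCred finds no endpoint or credential to flag in the class itself; `insecureCallout()` is included only as the contrast and would be deleted before submission.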
Reasoning
The FAQ content aligns well with AppExchange security requirements but needed several clarifications for accuracy and consistency with security scanner rules. First, I clarified 'TLS v1.2 or higher' to 'HTTPS with TLS v1.2 or higher' to make it clearer that HTTPS protocol is required, which aligns with the ApexInsecureEndpoint and AvoidInsecureHttpRemoteSiteSetting rules that flag insecure HTTP endpoints. Second, I corrected 'protected metadata settings' to 'protected custom settings' to use the accurate Salesforce terminology. Third, I added guidance about Named Credentials to address credential management security, which is a key AppExchange requirement. The FAQ's points about session handling, CORS configuration, and testing remain unchanged as they accurately reflect security best practices. For security rules selected: ApexInsecureEndpoint relates to the FAQ's point about 'Use TLS v1.2 or higher for all communications' as this rule detects insecure HTTP endpoints. ApexSuggestUsingNamedCred connects to the FAQ's discussion of secure external service integration and credential management. AvoidInsecureHttpRemoteSiteSetting and AvoidDisableProtocolSecurityRemoteSiteSetting relate to the secure communication protocols section. The hardcoded credentials rules (AvoidHardcodedCredentialsInHttpHeader, AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign) all relate to the FAQ's guidance on 'Store sensitive data securely' and the overall theme of secure external service integration.