FAQ-000874 - External Platform Security / Security Design and Architecture


Current FAQ

Question
How should I handle dynamic endpoint generation for customer-specific integrations while maintaining security?
Answer
To handle dynamic endpoint generation for customer-specific integrations while maintaining security during the AppExchange Security Review, follow these practices:

1. **Secure Communication**
   - Use HTTPS to encrypt data in transit and avoid insecure protocols like HTTP or FTP.
2. **Static Resources**
   - Dynamically load external resources (e.g., JavaScript files) from the static resources folder of your package instead of from third-party endpoints. This ensures version control and prevents unauthorized code changes.
3. **Input Validation**
   - Implement strict input validation and sanitization for all user inputs that influence endpoint generation to prevent injection attacks.
4. **Approved CDNs**
   - If external resources are necessary, use Salesforce-approved CDNs to ensure the code is managed and secure.
5. **Thorough Testing**
   - Test the entire solution, including all external endpoints, using manual and automated security scanning tools. Address any vulnerabilities identified.
6. **Documentation**
   - Provide detailed documentation of your solution, explaining how dynamic endpoints are generated and secured, as part of the security review submission.

For additional support, you can schedule a technical office hours appointment with the AppExchange security review team through the Partner Security Portal.

AI Recommended Enhancement

Related Security Rules
- ApexInsecureEndpoint
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInHttpHeader
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInVarDecls
- AvoidInsecureHttpRemoteSiteSetting
- AvoidDisableProtocolSecurityRemoteSiteSetting
Question
How should I handle dynamic endpoint generation for customer-specific integrations while maintaining security?
Recommended Answer Update
To handle dynamic endpoint generation for customer-specific integrations while maintaining security during the AppExchange Security Review, follow these practices:

1. **Secure Communication**
   - Use HTTPS to encrypt data in transit and avoid insecure protocols like HTTP or FTP.
2. **Static Resources**
   - Dynamically load external resources (e.g., JavaScript files) from the static resources folder of your package instead of from third-party endpoints. This ensures version control and prevents unauthorized code changes.
3. **Input Validation**
   - Implement strict input validation and sanitization for all user inputs that influence endpoint generation to prevent injection attacks.
4. **Credential Management**
   - Use Named Credentials for external service authentication instead of hardcoded credentials in your code.
   - Store sensitive configuration data securely using Custom Metadata Types or Protected Custom Settings.
5. **Approved CDNs**
   - If external resources are necessary, use Salesforce-approved CDNs to ensure the code is managed and secure.
6. **Thorough Testing**
   - Test the entire solution, including all external endpoints, using manual and automated security scanning tools. Address any vulnerabilities identified.
7. **Documentation**
   - Provide detailed documentation of your solution, explaining how dynamic endpoints are generated and secured, as part of the security review submission.

For additional support, you can schedule a technical office hours appointment with the AppExchange security review team through the Partner Security Portal.
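The following Apex class is an added example (not part of this FAQ and not Salesforce's own code) that puts points 1, 3 and 4 of both answers above into practice: customer-specific input is validated against a strict pattern and a fixed allowlist before it reaches the endpoint, the scheme, host and credentials come from a Named Credential rather than from code, and a separate helper enforces HTTPS plus an approved host for integrations that must accept a configured URL. The Named Credential name `Customer_API`, the path layout and the resource names are assumptions for illustration.

```apex
// Added example, not from the FAQ or from Salesforce. Assumes a Named Credential
// named "Customer_API" (hypothetical) whose URL points at the customer's host.
public with sharing class CustomerEndpointBuilder {

    // Identifiers that feed into the URL must match this pattern; anything else is
    // rejected before it can reach HttpRequest.setEndpoint().
    private static final Pattern SAFE_ID = Pattern.compile('^[A-Za-z0-9_-]{1,64}$');

    // Fixed allowlist of resource names: the caller selects from it, never supplies it.
    private static final Set<String> ALLOWED_RESOURCES = new Set<String>{ 'orders', 'invoices' };

    // Builds "callout:Customer_API/v1/customers/<id>/<resource>" from untrusted input.
    // Scheme, host and authentication come from the Named Credential, so user input
    // can neither point the request at another host nor downgrade it to http://.
    public static String buildEndpoint(String customerId, String resource) {
        if (String.isBlank(customerId) || !SAFE_ID.matcher(customerId).matches()) {
            throw new IllegalArgumentException('Invalid customer identifier');
        }
        if (!ALLOWED_RESOURCES.contains(resource)) {
            throw new IllegalArgumentException('Unknown resource');
        }
        return 'callout:Customer_API/v1/customers/'
            + EncodingUtil.urlEncode(customerId, 'UTF-8') + '/' + resource;
    }

    // For integrations that must take a full URL from configuration (e.g. a
    // customer-entered base URL), enforce HTTPS and an allowlisted host explicitly.
    public static String requireHttpsHost(String configuredUrl, Set<String> allowedHosts) {
        Url parsed = new Url(configuredUrl);
        if (parsed.getProtocol() != 'https') {
            throw new IllegalArgumentException('Only https endpoints are permitted');
        }
        if (!allowedHosts.contains(parsed.getHost().toLowerCase())) {
            throw new IllegalArgumentException('Host is not on the approved list');
        }
        return parsed.toExternalForm();
    }

    public static HttpResponse fetch(String customerId, String resource) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(buildEndpoint(customerId, resource));
        req.setMethod('GET');
        // No Authorization header is built in Apex: the Named Credential injects the
        // credentials at callout time, so nothing secret is hardcoded here.
        return new Http().send(req);
    }
}
```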
Reasoning
The original answer was comprehensive but missing a critical security practice for dynamic endpoint generation: proper credential management. I added a new section on credential management that emphasizes using Named Credentials instead of hardcoded credentials, which is essential for secure external integrations. This addition aligns with multiple security rules that detect hardcoded credentials and insecure endpoint practices.

Regarding security rules selection:

- ApexInsecureEndpoint: Directly relates to the FAQ's focus on "dynamic endpoint generation" and ensuring endpoints use secure protocols
- ApexSuggestUsingNamedCred: Relates to the credential management aspect I added, which is crucial for secure external integrations
- AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInHttpHeader, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls: All relate to the credential management practices needed when implementing dynamic endpoints for customer-specific integrations
- AvoidInsecureHttpRemoteSiteSetting: Relates to the "Secure Communication" section's emphasis on using HTTPS
- AvoidDisableProtocolSecurityRemoteSiteSetting: Also relates to maintaining secure communication protocols mentioned in the first point