FAQ-000876 - External Platform Security / Security Scanning and Testing


Current FAQ

Question
What should I do if automated security scanners are unable to test my application's external endpoints?
Answer
If automated security scanners are unable to test your application's external endpoints, you should use a Dynamic Application Security Testing (DAST) scanner. These scanners interact with web applications through their front end, simulating real-world attacks. Examples include OWASP ZAP, Burp Suite, VeraCode Dynamic Analysis, Intruder, and Acunetix. Make sure to obtain the necessary permissions to perform security testing on external endpoints owned by third parties.

AI Recommended Enhancement

Related Security Rules
ApexInsecureEndpoint
Question
What should I do if automated security scanners are unable to test my application's external endpoints?
Recommended Answer Update
If automated security scanners are unable to test your application's external endpoints, you should use a Dynamic Application Security Testing (DAST) scanner. These scanners interact with web applications through their front end, simulating real-world attacks. Examples include OWASP ZAP, Burp Suite, Veracode Dynamic Analysis, Intruder, and Acunetix. Make sure to obtain the necessary permissions to perform security testing on external endpoints owned by third parties.
Reasoning
The FAQ content is accurate and relevant. The only minor improvement is correcting the spelling of 'Veracode' (was 'VeraCode'). The ApexInsecureEndpoint rule is related because it identifies insecure endpoint configurations in Apex code, and this FAQ discusses testing external endpoints for security vulnerabilities. The FAQ provides guidance on DAST scanning which helps identify the security issues that rules like ApexInsecureEndpoint are designed to catch, such as insecure HTTP endpoints and improper endpoint configurations. The content about DAST scanners simulating real-world attacks directly relates to discovering the types of insecure endpoint vulnerabilities that ApexInsecureEndpoint flags.