FAQ-000897 - External Platform Security / Uncategorized


Current FAQ

Question
What kind of documentation or scan results do I need to provide for my off-platform components?
Answer
For off-platform components during the AppExchange Security Review, you need to provide the following:

1. **URLs and Login Credentials**: For external components that require authentication.
2. **DAST Scan Reports**: Dynamic Application Security Test reports for the external components.
3. **False Positive Documentation**: If applicable, document any false positives identified during the review.
4. **Solution Documentation**: Include detailed documentation of your solution.
5. **Endpoint Testing**: Ensure all external endpoints are tested using both manual and automated security scanning tools.

Let me know if you need help with anything else!

AI Recommended Enhancement

Related Security Rules

- ApexInsecureEndpoint
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInHttpHeader
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- UseHttpsCallbackUrlConnectedApp
- AvoidInsecureHttpRemoteSiteSetting
Recommended Answer Update
For off-platform components during the AppExchange Security Review, you need to provide the following:

1. **URLs and Login Credentials**: For external components that require authentication.
2. **DAST Scan Reports**: Dynamic Application Security Testing reports for the external components.
3. **False Positive Documentation**: If applicable, document any false positives identified during the review.
4. **Solution Documentation**: Include detailed documentation of your solution.
5. **Endpoint Testing**: Ensure all external endpoints are tested using both manual and automated security scanning tools.

Let me know if you need help with anything else!
Reasoning
The FAQ content is accurate and well-structured, requiring minimal changes. The main improvement made was expanding 'Dynamic Application Security Test' to 'Dynamic Application Security Testing' for clarity. The FAQ discusses off-platform components and external endpoints, which directly relates to multiple security rules: ApexInsecureEndpoint (identifies insecure external endpoints), ApexSuggestUsingNamedCred (recommends secure credential management for external connections), credential hardcoding rules (relevant when providing login credentials for external components), UseHttpsCallbackUrlConnectedApp (ensures secure HTTPS connections), and AvoidInsecureHttpRemoteSiteSetting (prevents insecure HTTP connections to external platforms). These rules all address security concerns when connecting to or documenting external/off-platform components, making them highly relevant to this FAQ's content about what documentation and security measures are needed for off-platform components during security review.