FAQ-000911 - External Service Security Testing / Environment and Infrastructure Considerations

Current Status: VALID_RESPONSE

Current FAQ

Question
How can security review clearance be obtained when only external server changes are needed?
Answer
To obtain security review clearance when only external server changes are needed:

1. **Request a Follow-Up Review**: Submit a follow-up security review specifically for the revised external code.
2. **Create a New Solution**: Connect the updated solution to the AppExchange Partner Console and submit it for review.
3. **Provide Updated Scan Reports**: Include updated Dynamic Application Security Test (DAST) scan reports for the external endpoints.
4. **Document False Positives**: If applicable, document any false positives in the submission.
5. **Pay Retesting Fee**: Be aware that there is a fee for retesting the remediated code.

This process ensures the changes are reviewed and cleared for security compliance.

AI Recommended Enhancement

Question
How can security review clearance be obtained when only external server changes are needed?
Recommended Answer Update
To obtain security review clearance when only external server changes are needed:

1. **Request a Follow-Up Review**: Submit a follow-up security review specifically for the revised external code.
2. **Create a New Solution**: Connect the updated solution to the AppExchange Partner Console and submit it for review.
3. **Provide Updated Scan Reports**: Include updated Dynamic Application Security Test (DAST) scan reports for the external endpoints.
4. **Document False Positives**: If applicable, document any false positives in the submission.
5. **Pay Retesting Fee**: Be aware that there's a fee for retesting the remediated code.

This process ensures the changes are reviewed and cleared for security compliance.
Reasoning
The FAQ content is accurate and well-structured. Only minor improvements were made for better readability and conciseness: changed 'there is a fee' to the more conversational 'there's a fee' to align with the brand guidelines for using contractions. No security rules were associated because this FAQ discusses administrative processes for AppExchange security review submissions rather than technical implementation that would trigger specific security scanner rules. The available rules focus on code-level security issues (like SOQL injection, CSRF, hardcoded credentials, etc.) while this FAQ addresses the procedural aspects of handling external server changes in the review process. The content covers process steps, documentation requirements, and fees - none of which relate to the technical security patterns that the available rules are designed to detect.