FAQ-001569 - SDK and Framework Security / Custom Framework Security

When building custom frameworks for Salesforce applications, here are the key security risks and best practices to consider: ### Security Risks: 1. **Vulnerabilities in Code**: Risks like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and improper session handling. 2. **Improper Data Access**: Lack of CRUD (Create, Read, Update, Delete) and Field-Level Security (FLS) checks can expose sensitive data. 3. **Unsecured External Integrations**: Risks from dynamically loading resources or improper token management. 4. **Sensitive Data Exposure**: Storing sensitive information without encryption or secure handling. ### Best Practices: 1. **Secure Coding Standards**: Use encoding and sanitization techniques for user inputs and outputs to prevent vulnerabilities. 2. **Enforce CRUD/FLS**: Implement proper checks to restrict data access based on user permissions. Use `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods to automatically enforce permissions with less code. 3. **Token and Authentication Management**: Use CSRF tokens and authentication mechanisms for secure redirection and external integrations. 4. **Static Resource Usage**: Avoid dynamically loading resources from third-party servers. Store them in Salesforce static resources for control and security. 5. **Data Encryption**: Use encrypted fields or the Crypto API for sensitive data. For large tokens, encrypt them with a key stored in protected custom settings or metadata. 6. **Secure Configuration**: Use custom settings, metadata types, or named credentials for securely managing URLs and credentials. 7. **Framework-Specific Security**: Avoid direct DOM manipulation and use template directives for rendering elements. 8. **Regular Security Reviews**: Conduct regular reviews using tools like Salesforce Security Scanner to identify and address vulnerabilities. Document and address all findings, including false positives. By following these practices, you can mitigate risks and build secure, robust custom frameworks for Salesforce applications.

The main improvement needed is updating the CRUD/FLS enforcement guidance to lead with modern approaches. The existing answer mentions 'user mode' but doesn't specifically reference the current best practices of `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods. This update aligns with the security approaches guidelines to prioritize modern features while maintaining all existing content. All other content remains accurate and comprehensive. Regarding security rules selected: - ApexCRUDViolation: Directly relates to the "Improper Data Access" risk and "Enforce CRUD/FLS" best practice mentioned in the FAQ - ApexSharingViolations: Connected to the data access security and permission enforcement discussed - ApexXSSFromEscapeFalse and ApexXSSFromURLParam: Relate to the XSS vulnerabilities and "Secure Coding Standards" for input/output handling - ApexCSRF: Directly matches the CSRF risks and "Token and Authentication Management" practices mentioned - ApexSOQLInjection: Connected to secure coding standards and input sanitization practices - ApexBadCrypto: Relates to the "Data Encryption" best practice using Crypto API - ApexSuggestUsingNamedCred: Matches the "Secure Configuration" guidance about using named credentials - ApexInsecureEndpoint: Connected to "Unsecured External Integrations" risks - ApexOpenRedirect: Relates to secure redirection mentioned in authentication management - Hardcoded credentials rules: Connected to the secure configuration and sensitive data protection practices discussed