This blog post on the NCC Group research site discusses the most common findings from a sample of over 35 security assessments of Salesforce customer deployments. The assessments covered a mixture of configuration and code review, and the common issues were sorted into broad categories: Deviation From Salesforce Baseline Standard, Deviation From Security Best Practice, Authentication Issues, File Handling, Insecure Code, Unhandled Security Alerts and Critical Updates Pending (now since merged by Salesforce), and Broken Access Controls.
Common Insecure Practices with Configuring and Extending Salesforce
Leave a reply