Tag Archives: Security

Salesforce.com and Unbounce Present Tech Security Talks

Vancouver presented a solid week of world-class information security conferences and courses geared at developers and hackers between CanSacWest and BSides. Salesforce.com and Unbounce collaborated to present an accessible security discussion, our Tech Security Talks (#techsec) event. We decided on an evening fireside chat with industry experts followed by a Q&A session that would be geared towards covering the implications of security issues ranging from bugs to privacy laws. Continue reading

Locking Down Record Access in Salesforce

Locking down record access in Salesforce

With the powerful Salesforce sharing features, you can support collaboration within your organization while keeping sensitive information secure. And while you must always balance collaboration with security, there are situations in which you might need to make absolutely sure that record access is limited to a very small number of people, regardless of their position within the corporate hierarchy. In this post, you’ll learn about the sharing features and strategies you can use to do just that. Continue reading

Behind the Scenes of Record Ownership in Salesforce

Record ownership is at the core of Salesforce’s record access capabilities, which allow you to specify which users or types of users should be able to access specific records or types of records. Salesforce.com’s architects and developers have spent years creating a highly functional and massively scalable record access infrastructure around record ownership, saving you the monumental effort of building that infrastructure yourself.

In this post, you’ll learn how those years of heavy lifting have actually simplified record access for the most common enterprise security models, allowing you to configure record access declaratively instead of with painstakingly developed code. You’ll also get an “under the hood” view of record access, and learn how to implement your record access model and avoid potential pitfalls along the way. Continue reading

Your Data in the Cloud: Salesforce Security, Privacy, and Trust

Your Data in the Cloud: Salesforce Security, Privacy, and Trust

It’s important that you are confident that your cloud provider has the world-class security and privacy solutions to adequately protect your data. So what does it take to trust a cloud? Read on to learn why you should trust salesforce.com cloud solutions with your assets. Continue reading

Using SOQL to Determine Your Force.com User’s Permissions

Permission sets make salesforce.com admin’s lives easier by assigning permissions to users with more granularity than what a profile already provides. Using SOQL enables admins to view those permission assignments across their user’s profile and permission sets. Continue reading

CSRF and apex:page

How not to CSRF yourself on Force.com. Now with 20% more llamas. Continue reading

Source Code Scanning

A year back we began supporting source code analysis on Force.com through http://security.force.com/sourcescanner.  We've had great success with it, but the number one piece of feedback we've gotten from all of you was why there wasn't any integration with the Force.com IDE.

Checkmarx, the company we partnered with to provide Force.com source scanning, has stepped up and made an offering available to all of you.  For 90 days, for the first 1000 developers, they'll give away a free version of an Eclipse plugin that can scan all Force.com code (under 100k LoC).  The great thing about this is that you get… Continue reading

See You At Dreamforce!

On top of the several security talks that we'll have at Dreamforce, we'll also have a security booth in the dev zone.

Here's what we'll have:

  • Code Consultations
  • Security Quiz (we'll have another prize ;-)
  • General Q&A
  • Demo and a free trial of a new tool which will help native app security/quality

For those interested, sign up for code consultations in the Dreamforce app.  See you there!

 -Robert… Continue reading

And the winner is…

I was really happy about the number of folks who took the quiz and the interest in it.  More-so, I was completely surprised that we had someone actually score 100% on the quiz given its difficulty.  I was even more blown away when I woke up on 12/1 and saw that three folks had scored 100%!

To everyone, congrats and I hope it was useful.  Without further ado, here are your winners:

  1. Shamil Arsunukayev – Comity Designs
  2. Rajendra Singh Ogra – Metacube Software
  3. Arvind Chaudhary – freelancing

 

Shamil won the RC Helicopter and Rajendra/Arvind will receive… Continue reading