At Salesforce, Trust is our #1 value. Use these resources to learn about building and securing applications with Salesforce.
Keep up to date on the most recent security news.
Learn to educate your users, protect your Salesforce org, and encourage a culture of security in this Trailhead Module.
Learn to control access to data using point-and-click security tools in this Trailhead Module.
Take this quiz to discover what you already know about security - and what you don't.
Developing for AppExchange? Learn about the Security Review process.
See the latest updates to the Developer Security documentation.
Review your app against AppExchange security best practices.
Meet with the Product Security team to go over your AppExchange Security Review.
Learn how to build secure web apps on the Salesforce platform.
Keep up to date with the latest secure coding techniques.
Learn about the Locker Service API.
Review our guides to avoid common vulnerabilities.
Read the full implementation guidance.
Review our developer security cheat sheet.
Review our admin security cheat sheet.
Use the Code Security Scanner to catch common security issues in your code.
Centralized portal that lets you track and manage your Lightning Platform Security Scans.
Use the ESAPI library to help build security into your app.
AppExchange partners can use Chimera to scan external integrations.
Start using ZAP and Burp with our guides to scan your external integration security.
Get help with your design based on a short self-assessment.
Commit time analysis tool for continuous integration
Apex and VF rule set in the source code analyzer, PMD for CI/CD integration
Keep up with the latest tools developed by the Salesforce Trust Team.
Flex your security muscles by locking down permissions and tracking changes in this Trailhead Superbadge. Have you got what it takes?
Review all Security-related content from Dreamforce '16.
In this webinar Salesforce Trust team introduces the core concepts behind developing secure applications on the Salesforce platform using Apex and Visualforce.
In this session, security experts from Salesforce show you how to avoid common security pitfalls while developing applications using Apex and Visualforce.
This article introduces identity management on Lightning Platform. It looks at user provisioning, authentication and authorization, and points at the more advanced sign-on features such as SAML.
Callouts is a powerful feature of the Lightning Platform platform that allows you to connect to other web services and exchange data from inside Apex code or triggers. You can use this to notify other services of changes to data in your environment (org), or to retrieve data "on the fly" from a remote system and show it on a Visualforce page.
In this article, we'll look at the different methods of implementing SSO with Lightning Platform, how to set up your own open source identity management system for federated authentication using SAML 2, and how to configure the Force.com platform to utilize your new identity provider.
This tutorial shows you how to authenticate users on Lightning Platform sites.
This article looks at the components of Apex Managed Sharing and how you can use Apex Managed Sharing in your own applications.
This article looks at the different techniques that Lightning Platform applications can use to enforce a customer's security settings.
This tutorial describes how to add a CAPTCHA challenge to your Lightning Platform Site.