About the Security Review

The security review has been developed to assess the security posture of partner organizations, and to ensure that all applications published on the AppExchange follow industry best practices for security standards. For the latest information on the security review, please visit https://developer.salesforce.com/page/Security_Review.

The AppExchange security review:
  • Empowers customers to trust third-party apps to work securely with their Salesforce applications
  • Helps partners succeed in delivering apps that span multiple systems and meet the needs of AppExchange users
  • Allows Salesforce to facilitate open relationships between customers, third-party developers, and application providers, by providing a secure ecosystem

The scope of the security review depends on the type of application. We will perform the testing indicated below for each type of component included in your application.

Application Type: Force.com
Description: Applications where the primary data, logic, and user interface are built entirely on the Force.com platform. The application can call out to approved third-party web services, such as Amazon, Google, Facebook, etc.
Scope of Review:
  • Automated code scan
  • Manual code review and black box testing
  • Client-side components (Flash, JavaScript)
  • Integrations and web services

Application Type: Client and Mobile Apps
Description: Applications that run outside the Salesforce environment. These applications treat the Force.com platform as a data source, using the development model of whatever tool and platform they are designed for. Classic examples of this kind of app include the iPhone app and Microsoft Outlook connectors.
Scope of Review:
  • Manual hands-on testing
  • Integrations and web services
  • Architecture review and web server testing

Application Type: Web Applications
Description: Applications that run in a third-party hosted environment and integrate with Salesforce, leveraging the Force.com Web Services API. Application data, logic, and user interface can be stored outside of Force.com.
Scope of Review:
  • Automated testing and manual black box testing
  • Client-side components (Flash, JavaScript)
  • Integrations and web services
  • Architecture review and web server testing