ISVforce Guide

Introduction
ISVforce Quick Start
Designing and Building Your App
Packaging and Testing Your App
Passing the Security Review
Publish Your Offering on the AppExchange
Manage Orders
Managing Licenses
Manage Features
Provide a Free Trial
Supporting Your AppExchange Customers
Upgrading Your App
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

What are the typical reasons why I would not pass the security review?

In no particular order, here’s a list of the top reasons for not being approved. For more information, see OWASP Top 10.
  • Injection (SQL, XML, and so on)
  • Cross-site scripting
  • Broken authentication and session management
  • Insecure direct object references
  • Cross-site request forgery
  • Security misconfiguration
  • Insecure cryptographic storage
  • Failure to restrict URL access
  • Insufficient transport layer protection
  • Unvalidated redirects and forwards