What are the typical reasons why I would not pass the security review?

In no particular order, here’s a list of the top reasons for not being approved. For more information, see OWASP Top 10.
  • Injection (SQL, XML, and so on)
  • Cross-site scripting
  • Broken authentication and session management
  • Insecure direct object references
  • Cross-site request forgery
  • Security misconfiguration
  • Insecure cryptographic storage
  • Failure to restrict URL access
  • Insufficient transport layer protection
  • Unvalidated redirects and forwards