Tag Archives: Security

Using SOQL to Determine Your Force.com User’s Permissions

Permission sets make salesforce.com admins' lives easier by assigning permissions to users with more granularity than a profile alone provides. Using SOQL lets admins view those permission assignments across their users' profiles and permission sets.

CSRF and apex:page

How not to CSRF yourself on Force.com. Now with 20% more llamas.

Source Code Scanning

A year back we began supporting source code analysis on Force.com through http://security.force.com/sourcescanner. We've had great success with it, but the number one piece of feedback we've gotten from all of you was the question of why there wasn't any integration with the Force.com IDE.

Checkmarx, the company we partnered with to provide Force.com source scanning, has stepped up and made an offering available to all of you. For 90 days, for the first 1000 developers, they'll give away a free version of an Eclipse plugin that can scan all Force.com code (under 100k LoC). The great thing about this is that you get…

See You At Dreamforce!

On top of the several security talks that we'll have at Dreamforce, we'll also have a security booth in the dev zone.

Here's what we'll have:

  • Code Consultations
  • Security Quiz (we'll have another prize ;-)
  • General Q&A
  • Demo and a free trial of a new tool which will help native app security/quality

For those interested, sign up for code consultations in the Dreamforce app. See you there!

-Robert…

And the winner is…

I was really happy about the number of folks who took the quiz and the interest in it. More so, I was completely surprised that we had someone actually score 100% on the quiz given its difficulty. I was even more blown away when I woke up on 12/1 and saw that three folks had scored 100%!

To everyone, congrats and I hope it was useful. Without further ado, here are your winners:

  1. Shamil Arsunukayev – Comity Designs
  2. Rajendra Singh Ogra – Metacube Software
  3. Arvind Chaudhary – freelancing

Shamil won the RC Helicopter and Rajendra/Arvind will receive…

String bar = ‘raised’;

The Developer Security Quiz Challenge has been going on for a couple weeks. Not too long ago there was a 20 Way Tie – but that's old news. We've got a new high score.

90%

You can beat it. Let's have the first 100% score!

We'll close the contest at 23:59:59 PST on 11/30. Get your quiz in today - http://security.force.com/platformquiz.

-Robert…

20 Way Tie

We've had over 75 people take the quiz in the last week attempting to win the RC helicopter and claim eternal fame for their security knowledge. Here's where we are:

  • The most common score on the quiz is 50%.
  • There is currently a 20 way tie for the top score.
  • That score is 50%.
  • That score needs to be surpassed :)

You can take the quiz more than once with a new email address. I'd recommend folks view the training and secure coding guidelines as all of the topics covered are discussed in these two areas.

Take a shot at the quiz and

CRUD, FLS and Sharing

There appears to be a lack of clear understanding around the differences between CRUD, FLS and Sharing. Here's a high-level overview:

Think about your Force.com object as a database table.

  • CRUD: is the table level permission. Does the user have access to this table? (Create records in the table, Read records in the table, Update records in the table, and Delete records in the table)
  • Field Level Security (FLS): is a more granular column permission. For each column you can set permissions. Does the user have access to this column and what kind of access? Invisible, Visible Read-Only, Visible Read & Write.
  • Sharing: is

Security Talks at Dreamforce

Dreamforce this year will feature a number of talks focusing solely on security, with many more touching on the topic. For those interested, I wanted to highlight the talks with their session abstracts in one place.

You can register for this great event at http://www.salesforce.com/dreamforce/DF10/register/.

Secure Cloud Development
At salesforce.com, we believe the success of cloud computing is dependent on earning and maintaining customer trust. As a result, protecting the privacy of customer data is salesforce.com's core value. Join us for this session to learn about the free training, tools, and resources that will help you deliver trusted Force.com applications…

Score High and Win a Prize

We've had several hundred people take our developer security quiz. No one – yes, NO ONE – has scored 100% on it. A handful of folks have gotten close and admittedly the quiz is not easy.

We want to see someone get that perfect score and are offering an incentive. The top score between now and 11/30 will win an e-Flite Blade RC Helicopter. If there's a tie, we'll randomly select a winner amongst the high scores. Before you get started on the quiz, take a look at the resources on developer.force.com/security. In particular check out the training and read the…