Overview
Explore best practices for securing third-party applications at scale in this 34-minute conference talk from AppSecCali 2019. Learn how Salesforce manages security across thousands of applications on their AppExchange platform. Discover effective tooling, processes, and manual review techniques that have prevented numerous vulnerabilities from reaching users. Gain insights into automating security checks, conducting manual reviews, and developing flexible processes that adapt to evolving threats like credential stuffing. Understand how to balance automation with human expertise to significantly reduce risk for your company when dealing with third-party applications. Benefit from the speakers' experience in overseeing the AppExchange security review process and their focus on security education.
Syllabus
Introduction
Agenda
Introductions
Salesforce App Exchange
Types of Third Party Applications
Building a HighLevel Process
Define the Problem
Baseline
Trailhead
Remediation
Review Information
Securitys Never Done
Salesforce
Evangelization
Operation Team
Tools
Taught by
OWASP Foundation