Exception Handling and Data Integrity in Salesforce: Robust exception handling is one of the tenets of best practice for development, no matter what the coding language. This blog post explores the curious circumstances in which a developer trying to do the right thing - but without appreciating the full effects - could lead to data integrity issues in a Salesforce Organization. As …
Are you oversharing (in Salesforce)? Our new tool could sniff it out!: Unauthorised access to data is a primary concern of clients who commission a Salesforce assessment. The Salesforce documentation acknowledges that the sharing model is a "complex relationship between role hierarchies, user permissions, sharing rules, and exceptions for certain situations". It is often said that complexity and security are natural enemies. Salesforce empowers its users with …
Salesforce Security with Remote Working: With Coronavirus still active across the world, life is far from settled, but the uptake of remote working is surely here to stay. From a security standpoint, organisations may feel less comfortable at the moment simply because staff are working out of sight. Whether that feeling is justified will depend on the technical measures put …
Common Insecure Practices with Configuring and Extending Salesforce: This article discusses the most common findings from a sample of over 35 security assessments of Salesforce customer deployments conducted by NCC Group. The assessments covered a mixture of configuration and code review based on our customers’ use of the Salesforce platform, not of Salesforce itself. The findings were sorted into broad categories, of which …