Security

Learn more about building secure applications on Salesforce that protect your customer and business data.
Read More
Salesforce Resources

Salesforce Security 

Visit Salesforce's Security website to learn about best practices and find key resources.
 Read More
Developer Guide

Security Review

Visit Salesforce's Security website to learn about best practices and find key resources.
 Read More
Developer Guide

Security Requirement Checklist 

Learn about the key requirements for secure development on Salesforce.
 Read More
Partner Security Portal

Salesforce Security Office Hours 

Learn about the key requirements for secure development on Salesforce.
 Read More
Developer Guide

Secure Coding Guidelines

This guide walks you through the most common security issues Salesforce has identified while auditing applications built on or integrated with the Salesforce Platform.
 Read More
Developer Guide

Named Credentials as Callout Endpoints

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition.
 Read More
Developer Guide

Sharing a Record Using Apex

To access sharing programmatically, you must use the share object associated with the standard or custom object for which you want to share.
 Read More
Developer Guide

Security for Lightning Components

Learn how to build secure Lightning web components (LWC) and Aura components that work with Lightning Web Security (LWS) or the legacy architecture Lightning Locker.
All Docs

Documentation

Developer Security Quiz 

The Force.com developer security quiz is an evaluation tool intended to gauge your technical knowledge of Force.com security features and best practices.

Salesforce Platform Code Security Scanner 

To perform a static analysis scan of all unpackaged code in your organization, please enter the username of an AuthorApex user in the organization to be scanned. The results will be sent to the email address on file for that account.

Source Scanner Portal 

The security portal for Salesforce partners who would like to scan their code or schedule office hours.

Salesforce Platform Enterprise Security API (ESAPI) 

The Force.com ESAPI (The OWASP Enterprise Security API) library is designed to make it easier for programmers to retrofit security into existing applications or build a solid foundation for new development.

Providence 

Providence is a system for code commit & bug system monitoring. It is deployed within an organization to monitor code commits for security (or other) concerns, via customizable plugins. A plugin performs logic whenever a commit occurs.

Salesforce Code Analyzer 

Integrate this static analysis plug-in into your CI/CD solution. Customize the coding rules to ensure that your source code meets your quality standards.

Tools
Module

Security Basics 

800 PointsGet familiar with security best practices and expand your admin toolkit.
Module

Data Security 

3100 PointsLearn why testing helps you create better software and how to run various unit tests.
Module

Develop Secure Web Apps 

1100 PointsLearn how to combat common vulnerabilities and push your Apex coding skills to the limit.
Trail

Secure Identity and Access Management 

4800 PointsLearn how Salesforce Identity lets you give the right people the right access to the right resources at the right time.
All Trailhead Modules

Trailhead

Org Security with Doug Merrett

Today, Doug Merrett, Manager of Security and Compliance Advisors for Salesforce in Australia, joins me to talk about org security. Together we explore the importance of keeping your data safe, how to keep it safe, and why you should be doing your own backups in addition to Salesforce daily exports. 32 min

Developer Podcast

Developer PodcastTune in to our Developer Podcast hosted by René Winkelmeyer, Senior Director of Salesforce Developer Relations, and featuring our developer advocates. Hear insightful stories, quick tips, and relevant updates for the Salesforce Developer community.
More Episodes