Monthly Archives: August 2014

Episode 8 – Gary Breavington on OWASP and Security

On this episode of Code Coverage we’re joined by Gary Breavington, a Senior Technical Consultant at Extentor Australia. Gary recently gave a presentation to the Sydney DUG on OWASP and their Top Ten security risks for web applications. In this episode he talks to us about how those risks apply to Salesforce.com developers.

Gary also talks about security issues and features that Salesforce.com developers need to be aware of:

  • Security misconfiguration, especially on public sites
  • The use of ‘with sharing’ and enforcement of permissions
  • Authentication and session management
  • SOQL injection
  • Cross-site scripting (XSS)
  • The automatic security scanner tool
  • Cross-site request forgery with Visualforce


Gary’s code related to the OWASP Top Ten can be found on GitHub, and here are the accompanying slides:

Episode 7 – Boris Bachovski on the Advanced Developer Certification

Boris Bachovski (@bachovski) is a Senior Salesforce.com Developer with Deloitte Australia, and is an ex-colleague of Matt’s. Boris is an active member of the Salesforce StackExchange site, and he joins us this week to discuss his impressions of the Advanced Developer Certification. Topics discussed include:

  • How to know when you’re ready for the 501
  • The sign up process, and what dates are what
  • The multiple choice part of the exam
  • How long to spend on the assignment
  • Boris’ experience of the 501 as a whole
  • Hard coding IDs is bad!
