Episode 8 - Gary Breavington on OWASP and Security

On this episode of Code Coverage we’re joined by Gary Breavington, a Senior Technical Consultant at Extentor Australia. Gary recently gave a presentation to the Sydney DUG on OWASP and its Top Ten security risks for web applications. In this episode he talks to us about how those risks apply to Salesforce.com developers.

Gary also talks about security issues and features that Salesforce.com developers need to be aware of:

  • Security misconfiguration, especially on public sites
  • The use of ‘with sharing’ and enforcement of permissions
  • Authentication and session management
  • SOQL injection
  • Cross-site scripting (XSS)
  • The automatic security scanner tool
  • Cross-site request forgery with Visualforce

Gary’s code related to the OWASP Top Ten can be found on GitHub, and here are the accompanying slides: