Each version of the Youreka application undergoes several types of testing and security reviews. As an application listed on the Salesforce AppExchange, each version of Youreka is subject to a Security Review conducted by Salesforce.com.
AppExchange Security Review
As part of each Security Review, Youreka is subject to a code scan conducted by Checkmarx. The code scan consists of the following elements:
The scanner helps detect the following types of security vulnerability:
- Cross-Site Scripting (reflected, stored, and DOM-based)
- SOQL/SOSL Injection
- Access Control Issues (Sharing, FLS)
- Cross-site request forgery attacks
- Arbitrary Redirects
- Overly permissive postMessage targets
The Force.com Security Source Scanner will detect the following common Apex coding and design issues:
- DML statements inside loops
- SOQL/SOSL inside loops
- Hardcoding Trigger.new
- Hardcoding Trigger.old
- Queries with no Where clause or no LIMIT clause
- Not bulkifying Apex methods
- Async (@future) methods inside loops
- Hardcoding IDs
- Multiple triggers on same object
- Static Resource referencing
- Multiple Visualforce forms in the same page
- Test methods without assert
Youreka must submit a passing report from the Checkmarx code scanner in order to submit a new version of the Youreka app for release.
Youreka conducts many types of testing on the application with each release, including automated regression testing, manual testing, cross-browser testing, and testing on multiple versions of the iOS and Android operating systems across multiple versions of hardware.