Apex is Salesforce’s proprietary programming language used for building applications to manage data and processes in the Force.com framework. Apex, the world’s first “on demand programming language,” enables thousands of Salesforce AppExchange applications to add business logic to system events and Visualforce pages.
In addition to Salesforce AppExchange partners, many large Salesforce customers also use Apex to code their own applications for internal company use. Also, companies may hire partners and consultants for app development and salesforce customization.
For the 2,500+ applications live on the Salesforce AppExchange, the thousands of organizations using their services, as well as the countless organizations using Apex code internally, application security is a major concern. Apex applications face potential threats from cross-site scripting (XSS), SOQL and SOSL injection, frame spoofing and more.
For a full list of queries that Checkmarx scans for, visit our query database.
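SOQL injection is the Apex-specific item in the list above. The following is an added illustration, not code from Checkmarx or Salesforce: a hypothetical `ContactSearch` class showing the vulnerable dynamic-query pattern a SAST query would flag, beside the two hardened forms (a bind variable in static SOQL, or `String.escapeSingleQuotes` when the query must be built dynamically).

```apex
// Added example (not from the page). Class and method names are hypothetical.
// "with sharing" additionally enforces the running user's record-level access.
public with sharing class ContactSearch {

    // VULNERABLE: untrusted input is concatenated into a dynamic SOQL string.
    // A value containing a single quote can close the literal and alter the
    // WHERE clause, so the caller controls which records come back.
    public static List<Contact> searchUnsafe(String lastName) {
        String q = 'SELECT Id, Name FROM Contact WHERE LastName = \''
                 + lastName + '\'';
        return Database.query(q);
    }

    // HARDENED (preferred): static SOQL with a bind variable. The value is
    // handed to the query engine as data and is never parsed as SOQL.
    public static List<Contact> searchWithBind(String lastName) {
        return [SELECT Id, Name FROM Contact WHERE LastName = :lastName];
    }

    // HARDENED (dynamic SOQL): escape single quotes so the input cannot
    // terminate the string literal. Use only when the query text itself
    // must vary at runtime; otherwise prefer the bind-variable form.
    public static List<Contact> searchDynamicSafe(String lastName) {
        String safe = String.escapeSingleQuotes(lastName);
        String q = 'SELECT Id, Name FROM Contact WHERE LastName = \''
                 + safe + '\'';
        return Database.query(q);
    }
}
```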
Since 2008, Checkmarx has been Salesforce’s official Static Application Security Testing (SAST) partner. The result of this partnership is Salesforce’s Security Source Scanner, a cloud-based source code analysis scanner built directly into Force.com.
The Checkmarx-powered Force.com Security Source Scanner acts as a security gatekeeper for new and updated applications uploaded to the Salesforce AppExchange platform, further enhancing the security, productivity and efficiency of the AppExchange security review process. To date, the Security Source Scanner has scanned over 2 billion lines of code.
Source code analysis significantly reduces the number of penetration testing iterations that Salesforce and third-party organizations must go through during their security reviews, allowing applications to get to market faster.
The Free Force.com Security Source Scanner
The Force.com Security Source Scanner offers AppExchange vendors the opportunity to scan their applications for security and design issues at a rate of 180,000 lines of code every six months. Vendors with smaller applications and infrequent scans are the best fit for the free Force.com scanner.
Who scans their code with the Force.com scanner?
The Force.com Security Source Scanner is free and available for use by both Salesforce customers and AppExchange partners.
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled, unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tuned to your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.