Third party applications can pose a significant risk to a company. You are forced to trust the maintainer with sensitive data and access to internal networks. As a company scales, managing security across a fleet of third party applications becomes difficult. Salesforce has reviewed over 4000 applications in the process of securing all apps listed on our AppExchange. Participants will learn the best practices around tooling, processes, and manual reviews that work at Salesforce. These practices have prevented thousands of vulnerabilities from reaching victims, and are flexible enough to mature as the threat landscape changes (goodbye TLS 1.0, hello credential stuffing). Through a combination of automation, manual review, and well defined processes, you can drive down risk for your company.


Speakers

Ryan Flood
Manager, ProdSec, Salesforce
Ryan Flood is a manager of product security at Salesforce and oversees the AppExchange security review process. Using the lessons he learned as a security reviewer within the AppExchange security process, he has made security education a top priority.

Prashanth Kannan
Product Security Engineer, Salesforce
Prashanth Kannan is currently Product Security engineer at Salesforce. He is currently security engineer for Health cloud, Financial services cloud, and does Appexchange security reviews. Prior to this, he did his masters at Johns Hopkins university.

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...