AppExchange Package Developmenet & Best Practices.pptx

vedahebbar 107 views 41 slides Aug 30, 2025

About This Presentation

AppExchange Package Development & Best Practices


Slide Content

Salesforce AppExchange App Development & Best Practices

Jay Malde, AppExchange App Developer. Built 4 AppExchange Packages. Level 1 Freelancer on Fiverr. Completed 21 Projects Across 11 Nationalities.

Agenda
1. Salesforce Developer Career Paths
2. About AppExchange & Building your own Package
3. What is Security Review & Its Requirements
4. Hands-On Demonstration (Creating a Managed Package)
5. Common vulnerabilities and recommendations
6. Automating Development with CumulusCI
7. Overview of MetaCI and MetaDeploy
8. Takeaways

Salesforce Developer Career Paths

Nature of Work
- Service Company (IT Consulting, SI, Outsourcing): Client projects, multiple industries, implementations, customizations.
- Product Company (ISV, AppExchange, SaaS Product): Building & scaling Salesforce-based products, AppExchange apps, or internal platforms.
- Data-Focused Role (Analytics, AI, Data Cloud): Implementing scalable data models using Salesforce Data Cloud (CDP), CRM Analytics solutions, customer 360 setup, data ingestion & unification, data pipelines.

Learning Scope
- Service Company: Broad exposure across industries & Salesforce clouds.
- Product Company: Deep in product engineering, AppExchange compliance, scaling challenges.
- Data-Focused Role: Data-driven insights, performance optimization, predictive modeling, large-scale data ingestion, segmentation.

Work Style
- Service Company: Client-driven, changing requirements, agile delivery.
- Product Company: Feature-driven, long-term vision, continuous improvement.
- Data-Focused Role: Data and analytics driven, cross-platform integrations, focus on unifying data from multiple sources, governance & activation.

Skillset
- Service Company: Apex, LWC, Flows, REST/SOAP Integrations, Agile/DevOps, Consulting & Communication skills.
- Product Company: Advanced Apex/LWC, Packaging (2GP), Security Review, API Frameworks, DevOps, Product Mindset.
- Data-Focused Role: Data Modeling, Data Streams, Identity Resolution, Calculated Insights, Segmentations, SQL/ETL knowledge, Data Governance.

Benefits of using AppExchange

What all can you find on AppExchange

How can a developer benefit from Salesforce AppExchange
1. Monetization & Passive Income: Developers can sell apps (paid, freemium, or subscription-based). It creates an opportunity for recurring revenue once the app gets traction.
2. Job & Freelance Opportunities: Recruiters and companies value developers who’ve successfully published on AppExchange. It shows hands-on expertise in packaging, security, and Salesforce architecture.
3. Hands-on with Security & Best Practices: To pass Salesforce Security Review, developers learn OWASP Top 10, data security, and coding standards. This knowledge alone makes you a stronger developer/architect.

Unmanaged vs Managed Package

Ownership of Code
- Unmanaged: Customer owns code after install (can modify).
- Managed: Publisher retains code control (hidden components possible).

Upgrades
- Unmanaged: No automatic upgrades (customer must reinstall new version manually).
- Managed: Supports upgrades (patches, major/minor versions).

License Enforcement
- Unmanaged: Not possible.
- Managed: Possible via License Management App (LMA).

Security Review Requirement
- Unmanaged: Not required.
- Managed: Required if listed on AppExchange as free or paid.

Best For
- Unmanaged: Open-source, utilities, sample projects.
- Managed: Commercial apps, ISV products, subscription-based models.

Visibility
- Unmanaged: Full code is visible to installer.
- Managed: Can hide Apex classes, triggers, and logic (IP protection).

1GP vs 2GP

Creation
- 1GP (1st Generation Package): Built and uploaded directly from a Salesforce org (Packaging Org).
- 2GP (2nd Generation Package): Built from Salesforce DX projects using CLI and source control.

Package Org
- 1GP: Requires a special Packaging Org.
- 2GP: No packaging org required (uses Dev Hub + Scratch Orgs).

Source of Truth
- 1GP: Not source-driven (Packaging org-based development).
- 2GP: Source-driven (git / VCS recommended).

Dependency Management
- 1GP: Limited dependency handling.
- 2GP: Full dependency resolution supported.

Upgrade Path
- 1GP: Supports patch orgs and upgrades.
- 2GP: Cleaner upgrade process, versioning via source.

Future Support
- 1GP: Legacy (still works but no major new features).
- 2GP: Future of packaging, Salesforce recommends moving here.

Best For
- 1GP: Existing ISV apps, older packages, teams not using DX.
- 2GP: Modern ISVs, CI/CD DevOps pipelines, source-driven dev teams.

Automation
- 1GP: Limited and manual.
- 2GP: Fully scriptable for CI/CD.

Building Your AppExchange Package
Creating an AppExchange package involves several critical steps to ensure your solution is robust, unique, and ready for distribution.
1. Create a Partner Community Account; from there you will receive a Partner Business Org (Dev Hub Org).
2. Create a Salesforce Developer Edition org.
3. In the Developer Edition org, create a Namespace Prefix for uniqueness and to avoid conflicts with other apps, and link it to the PBO using Environment Hub.
4. Create a Scratch Org using the PBO and use the same Namespace Prefix for development.
5. In case of 1GP: create a packageable component and add it into your Packaging/Namespace Org from Package Manager.
6. In case of 2GP: create a packageable component and add it into your app's metadata package.xml file.
7. Create a Package using the Salesforce CLI command.
8. Create a Package version using the Salesforce CLI command; this generates an installable link for the Beta Package.
9. Test the beta package on a UAT/Test org by installing the package using the above link.
10. Once tested, promote the Beta package to Managed using Salesforce CLI.
11. The above step will automatically list your package on the Salesforce Partner Portal.
12. Submit your package for Security Review.
13. Create a Listing with compelling descriptions and pricing (Paid/Free) on AppExchange to make it publicly available.

What is Security Review?
- A mandatory process for any managed package listed publicly on the AppExchange.
- Ensures your app meets Salesforce's stringent security standards.
- Builds trust with customers and protects their sensitive data.
- Involves both automated scans and thorough manual review by Salesforce security experts.
Timeline: The process typically takes 4-8 weeks.
Cost: Free for free apps. A fee (e.g., $999 or $2700) is charged for paid apps and for each resubmission.
The Salesforce Security Review is not just a hurdle; it's a foundation of trust that protects customers and maintains the integrity of the AppExchange ecosystem. It builds confidence in your solution.

OWASP Top 10 is our guide
- Injection (SQLi, SOQL, XML, OS etc.)
- Broken Authentication and Session Management
- Cross Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery (CSRF)
- Using Known Vulnerable Components (libraries, frameworks, software)
- Unvalidated Redirects and Forwards

Security Review Checklist

Documentation
- Sample API Callouts
- Username & Password for testing Org created using Salesforce’s Template Id.
- API, OAuth, and SAML Access
- Installation Links
- Provide documentation for all the use cases used in case of APIs.

Security Scanner Reports
- Source Scanner (Checkmarx)
- Salesforce Code Analyzer (PMD)
- DAST Reports using (Zap or Burp Suite)
- In case of False Positives, also attach a False Positive Document with Explanation

Testing Environment
- Solution Architecture (Data Model, APIs, Error Handling, Security Considerations, Compliance)
- Usage Documentation (Use Cases & Installation Guide)

Note: In case of any doubts, raise a case with Salesforce or schedule an Office Hours call. Try to give as much information as you can.

Requirements as per Solution
Requirements: Native Native + Lightning Components Composite Web App/Service Client Composite Mobile/Client API Only
Salesforce Environment: Yes | Yes (With components configured for testing) | Yes | Yes | Yes
External components / credentials: Yes e.g. urls, credentials | Yes e.g. link to APK | Yes e.g. urls, credentials
Managed package: Yes | Yes | Yes
Force.com code scanner (Checkmarx) report: Yes | Yes | Yes
ZAP/Burp/Chimera report: Yes | Yes (ZAP/Burp) | Yes
False positive report: If required | If required | If required | If required | If required
Documentation: Recommended | Recommended | Recommended | Recommended | Recommended

Tips for Security Review in 1st Attempt
- Code Quality: 20 Salesforce Apex Code Best Practices, Run Code Analyzer Periodically.
- Data Security: Proper handling of sensitive data, including encryption when storing keys. For storing encrypted keys, use Custom Settings.
- Auth & Access: Clearly define how authentication is performed; try to use Named Credentials if possible.
- Documentation & Architecture: Provide clear installation guides, configuration steps, and security considerations.
- Vulnerability Testing: Address common web application vulnerabilities outlined in OWASP Top 10.

Hands-On Demonstration Creating a Managed Package.

Even with thorough preparation, some common issues frequently arise during the security review. Awareness of these can help you proactively mitigate them.
Community OWASP Top 10 for Salesforce with Fix

1. Broken Access Control
Problem: Apex classes can access and modify all organization data by default. To prevent unintentional exposure of confidential information restricted from unauthorized users, Apex developers should include "with sharing" or "inherited sharing" keywords in the class header. This ensures compliance with the organization's data-sharing rules.
Examples

    public without sharing class CustomController {
        // some code here
    }

    // By default: without sharing
    public class CustomController {
        // some code here
    }

    // Solution
    public with sharing class CustomController {
        // some code here
    }

Solution: Use with sharing at the class level. This will run the code within as per the current logged-in user’s access level.

2. SOQL Injection
Problem: Untrusted user input can be directly concatenated in SOQL queries.
Recommendation: Use bind variables or String.escapeSingleQuotes().
Examples

    // Vulnerable: the request parameter is concatenated into the query string.
    String userInput = ApexPages.currentPage().getParameters().get('id');
    Account acc = Database.query('SELECT Id, Name FROM Account WHERE Id = \'' + userInput + '\'');

Solution

    // Static SOQL with a bind variable.
    String userInput = ApexPages.currentPage().getParameters().get('id');
    Account acc = [SELECT Id, Name FROM Account WHERE Id = :userInput LIMIT 1];

    // Dynamic SOQL: bind the Id (recordId is an Id variable in scope) and escape the string value.
    SObject escapedResult = Database.query(
        'SELECT Id, Name FROM Account WHERE Id = :recordId AND Name = \''
        + String.escapeSingleQuotes(userInput) + '\' LIMIT 1');

3. Field Level Violation
Problem: Apex runs in 'system mode' by default, ignoring user permissions and field visibility. This can lead to unauthorized data access and security breaches.
Solution: Use WITH USER_MODE or WITH SECURITY_ENFORCED in SOQL queries. Alternatively, use Security.stripInaccessible() for removing inaccessible fields.
Example

    // Throw an exception if fields are not accessible
    List<Account> acc = [SELECT Id FROM Account WITH USER_MODE];

    List<Account> accountsWithContacts = [
        SELECT Id, Name, Phone, (SELECT Id, LastName, Phone FROM Account.Contacts)
        FROM Account
    ];

    // For dynamic queries
    String query = 'SELECT Id FROM Account WITH USER_MODE';
    List<SObject> accounts = (List<SObject>) Database.query(query, AccessLevel.USER_MODE);

    // Strip fields that are not readable
    SObjectAccessDecision decision = Security.stripInaccessible(AccessType.READABLE, accountsWithContacts);
    // Work with the sanitized copies, not the original list
    List<Account> readable = (List<Account>) decision.getRecords();

4. CRUD Permission Violation
Problem: Apex runs in 'system mode' by default, ignoring user object-level permissions. This can lead to unauthorized data access and security breaches.
Example

    insert contactList;

Solution

    // Check whether the object is accessible before the DML.
    SObjectType objType = contactList[0].getSObjectType();
    if (objType.getDescribe().isCreateable()) {
        insert as user contactList;
    }
    // Use isUpdateable(), isDeletable() or isUndeletable() in the same way
    // before update, delete and undelete.

Check whether the object has Create, Read, Update or Delete access at the start. As a precaution, use “as user” to perform CRUD as per the user’s access levels.
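Items 1 to 4 combined in one service class, as an added example that is not part of the original slides; `ContactService`, its method names and the sort-field allowlist are hypothetical. It goes one step beyond the slides by covering a dynamic ORDER BY, where a bind variable cannot be used and the field name is checked against an allowlist instead.

```apex
// Added example, not from the slides. Class and method names are hypothetical.
public with sharing class ContactService {   // item 1: sharing rules apply

    // Item 2: user input reaches the query only through a bind variable.
    // Item 3: WITH USER_MODE enforces object and field permissions of the running user.
    @AuraEnabled(cacheable=true)
    public static List<Contact> findByLastName(String lastName) {
        if (String.isBlank(lastName)) {
            return new List<Contact>();
        }
        return [
            SELECT Id, FirstName, LastName, Email
            FROM Contact
            WHERE LastName = :lastName
            WITH USER_MODE
            ORDER BY LastName
            LIMIT 50
        ];
    }

    // Dynamic SOQL: a field name cannot be a bind variable, so it is accepted
    // only if it is on a fixed allowlist. The value still travels as a bind.
    public static List<Contact> findSorted(String lastName, String sortField) {
        Set<String> allowedSortFields = new Set<String>{ 'LastName', 'Email', 'CreatedDate' };
        if (!allowedSortFields.contains(sortField)) {
            sortField = 'LastName';
        }
        String soql = 'SELECT Id, FirstName, LastName, Email FROM Contact '
            + 'WHERE LastName = :lastName ORDER BY ' + sortField + ' LIMIT 50';
        return (List<Contact>) Database.queryWithBinds(
            soql,
            new Map<String, Object>{ 'lastName' => lastName },
            AccessLevel.USER_MODE
        );
    }

    // Item 4: object-level check first, then drop fields the user may not set,
    // then run the DML in user mode.
    public static List<Contact> createContacts(List<Contact> incoming) {
        if (!Schema.sObjectType.Contact.isCreateable()) {
            throw new AuraHandledException('You do not have permission to create contacts.');
        }
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.CREATABLE, incoming);
        List<Contact> safeRecords = (List<Contact>) decision.getRecords();
        insert as user safeRecords;
        return safeRecords;
    }
}
```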


6. Cross-Site Scripting (XSS)
Problem: Cross-site scripting (XSS) attacks are where malicious HTML or client-side scripting is provided to a web application. This happens when incorrect encoding allows malicious scripts to run in a user’s browser, leading to security vulnerabilities.
Recommendation: All standard Visualforce components, which start with <apex>, have anti-XSS filters. For example, the <apex:outputText> tag is XSS-safe. All characters that appear to be HTML tags are converted to strings.
Examples

    <!-- Because there is no encoding, a malicious script can be passed as the userparam parameter of the page. -->
    <script>var foo = '{!$CurrentPage.parameters.userparam}';</script>

Solution

    <apex:outputText escape="true" value="{!$CurrentPage.parameters.userInput}" />

7. Insecure External Calls (Callouts)
Problem: Making callouts to an unregistered domain, without proper hostname validation, or using http://.
Recommendation: Always use HTTPS. Whitelist domains in Remote Site Settings or Named Credentials.
Examples

    HttpRequest req = new HttpRequest();
    req.setEndpoint('http://untrusted.com/api');

Solution

    HttpRequest req = new HttpRequest();
    req.setEndpoint('callout:Trusted_NC/api');

8. Unescaped Output and Formulas in Visualforce Pages
Problem: When using components that have the escape attribute set to false, or when including formulas outside of a Visualforce component, output is unfiltered and must be validated for security. This is especially important when using formula expressions or HTML outputs.
Examples

    <!-- Because there is no encoding, a malicious script entered in the input field is rendered as markup. -->
    <apex:inputText value="{!inputField}"/>
    <apex:outputPanel id="input">
        Value of InputField is <apex:outputText value="{!inputField}" escape="false"/>
    </apex:outputPanel>

Solution

    <apex:outputText value="{!HTMLENCODE(inputField)}" escape="false"/>

Recommendation: There are several functions that you can use for escaping potentially insecure strings.
- HTMLENCODE()
- JSENCODE()
- JSINHTMLENCODE()
- URLENCODE()

9. Hardcoded Secrets (Callouts)
Problem: Making callouts to an unregistered domain, without proper hostname validation, or using http://.
Recommendation: Always use HTTPS. Whitelist domains in Remote Site Settings or Named Credentials.
Examples

    HttpRequest req = new HttpRequest();
    req.setEndpoint('http://untrusted.com/api');

Solution

    HttpRequest req = new HttpRequest();
    req.setEndpoint('callout:Trusted_NC/api');

10. Cross-Site Request Forgery (CSRF)
Problem: CSRF is an attack where a malicious website tricks your browser into performing unwanted actions on Salesforce while you're logged in.
Recommendation: Don’t perform any DML on page load. Note: similarly, don’t perform DML in connectedCallback or on loading of an LWC.
Examples

    <!-- The page action runs init() as soon as the page loads. -->
    <apex:page controller="myClass" action="{!init}"></apex:page>

    public class myClass {
        public void init() {
            // DML is driven by a URL parameter on page load.
            Id id = ApexPages.currentPage().getParameters().get('id');
            Account obj = [SELECT Id, Name FROM Account WHERE Id = :id];
            delete obj;
            return;
        }
    }
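One way to apply this recommendation, as an added example that is not part of the original slides: the page load only reads, and the delete runs from a button inside `<apex:form>`, whose postback carries the anti-CSRF token Visualforce adds to forms. `AccountDeleteController` and its member names are hypothetical, and the page markup is shown as a comment.

```apex
// Added example, not from the slides. Hypothetical Visualforce page for this controller:
//
//   <apex:page controller="AccountDeleteController">
//     <apex:pageMessages/>
//     <apex:form>
//       Delete account <apex:outputText value="{!accountName}"/>?
//       <apex:commandButton value="Delete" action="{!deleteAccount}"/>
//     </apex:form>
//   </apex:page>
//
// <apex:page> has no action attribute, so opening the URL changes no data.
public with sharing class AccountDeleteController {
    public String accountName { get; private set; }
    private Id accountId;   // kept in view state between page load and postback

    // Runs on page load: validates the parameter and only reads.
    public AccountDeleteController() {
        String raw = ApexPages.currentPage().getParameters().get('id');
        Id candidate = null;
        if (String.isNotBlank(raw)) {
            try {
                candidate = Id.valueOf(raw);
            } catch (System.StringException e) {
                candidate = null;   // not a well-formed record Id
            }
        }
        if (candidate != null) {
            List<Account> rows = [
                SELECT Id, Name FROM Account
                WHERE Id = :candidate WITH USER_MODE LIMIT 1
            ];
            if (!rows.isEmpty()) {
                accountId = rows[0].Id;
                accountName = rows[0].Name;
            }
        }
    }

    // Runs only on the form postback triggered by the user's click.
    public PageReference deleteAccount() {
        if (accountId == null) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'No account selected.'));
            return null;
        }
        List<Account> rows = [
            SELECT Id FROM Account WHERE Id = :accountId WITH USER_MODE LIMIT 1
        ];
        delete as user rows;
        accountId = null;
        ApexPages.addMessage(new ApexPages.Message(
            ApexPages.Severity.CONFIRM, 'Account deleted.'));
        return null;
    }
}
```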

11. Insecure Static Resources
Problem: Exposing sensitive files in static resources.
Recommendation: Do not store secrets in static resources. Use CSP Trusted Sites for third-party scripts.

12. Be aware of Lightning Locker Service / Lightning Web Security / Salesforce CSP
Problem: Many external JS libraries, tools or services are blocked by one of the above security mechanisms from Salesforce.
Recommendation: Use CSP Trusted Sites for third-party scripts. If a service needs to modify the DOM, use Salesforce’s Light, Shadow or Manual DOM concepts.


14. Governor Limits
Problem: Package consumes too many resources (SOQL queries, DML operations, CPU timeout, Heap Size Limit and many more), causing timeouts or failures.
Recommendation: Be aware of the governor limits.

15. TLS/SSL Misconfiguration
Problem: Using insecure HTTP endpoints instead of HTTPS for external integrations, or using older SSL or TLS versions.
Recommendation: Always use HTTPS for external endpoints and ensure TLS 1.2 compliance.

Automating Development with CumulusCI
CumulusCI (CCI) is an open-source command-line utility that revolutionizes Salesforce development by automating repetitive tasks, improving efficiency and consistency across projects.
- Streamlines org creation and setup.
- Dependency Management.
- Simplifies deployment processes for both managed and unmanaged packages.
- Package or App Installation.
- Run tests (Apex, Jest, Robot browser and API automation).
- Load, modify, and capture data sets.

MetaCI: Continuous integration for Salesforce projects
- Orchestrate development workflow.
- Easily define plans that run CumulusCI automation on specific branches and tags.
- Status reported to GitHub for process insights.
- Track releases and automatically generate release notes in GitHub.

MetaCI: Support declarative users with web UI
- Create scratch orgs using CumulusCI automation through a web UI.

MetaDeploy Customer delivery with portable automation

MetaDeploy Smart, product-oriented installers create a great customer experience

Build Apps Together with Package Development: https://trailhead.salesforce.com/content/learn/trails/sfdx_get_started

Second-Generation Managed Packages: https://trailhead.salesforce.com/content/learn/modules/second-generation-managed-packages

Build Applications with CumulusCI: https://trailhead.salesforce.com/en/content/learn/trails/build-applications-with-cumulusci

Resources
- Package Model: Salesforce Package Development Model
- Packaging Explained: Packaging Explained
- Build Package using Cumulus CI: Automate Development Lifecycle with CumulusCI
- CumulusCI Open Source Project: github.com/SFDO-Tooling/CumulusCI

Takeaways
- Design for scale and efficiency: Think about how your solution will perform when dealing with large amounts of data.
- Security is Not an Afterthought: No matter what you are building, consider security from the very beginning.
- Modern Development is Automated: Try to automate your redundant work.