
January 27, 2025

May 13, 2026 5:55 pm

Passing the Security Review for SFMC App Exchange with a Custom Activity on Heroku


Understanding the Security Review Process

The security review team checks for any potential vulnerabilities that your app may introduce to the client’s SFMC environment. This includes reviewing the custom activity, server-to-server API integrations, and any other components that interact with SFMC.

When clients run into problems during the review, we recommend going through the security review checklist provided by Salesforce to ensure compliance.

Preparing for the Security Review

To prepare for the security review, it is essential to understand what the security review team checks. The team reviews the app’s architecture, data flows, and potential vulnerabilities.

The root cause of security review issues is often inadequate security measures, such as insufficient authentication, authorization, or data encryption.

Teams can prepare for the security review by ensuring their app follows best practices for security, such as using secure protocols for data transmission, validating user input, and implementing proper error handling.

Best Practices for Security

To ensure the security of your custom activity, follow best practices such as enforcing HTTPS for every request:

security.js

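const express = require('express');
const app = express();
// Heroku terminates TLS at its router and forwards plain HTTP to the dyno.
// Trust that single proxy hop so req.secure reflects X-Forwarded-Proto;
// without this, req.secure is always false and the redirect below loops.
app.set('trust proxy', 1);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// Use secure protocols for data transmission
app.use((req, res, next) => {
  if (req.secure) {
    return next();
  }
  // Send plain-HTTP requests to the HTTPS version of the same URL
  res.redirect('https://' + req.hostname + req.url);
});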

Additionally, ensure that your app handles errors properly and validates user input to prevent potential vulnerabilities.
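The authentication, input validation and error handling points above can be combined in the custom activity's execute endpoint. The following is an added example, not code from the original post or from Salesforce. It assumes the activity is configured so that Journey Builder sends the request body as an HS256 JWT signed with the installed package's signing secret; the function names, the `email` argument and the sample secret are hypothetical.

```javascript
const crypto = require('crypto');

// Verify a compact HS256 JWT and return its payload; throws on any failure.
function verifyJwt(token, secret) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  // Pin the algorithm server-side so the token cannot select "none" or another alg.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Allow-list validation of the one field this hypothetical activity reads.
function validateArgs(payload) {
  const list = Array.isArray(payload && payload.inArguments) ? payload.inArguments : [];
  const args = Object.assign({}, ...list);
  if (typeof args.email !== 'string' || !/^[^\s@]{1,64}@[^\s@]{1,255}$/.test(args.email)) {
    throw new Error('invalid email');
  }
  return { email: args.email };
}

// Framework-free execute handler: 401 when the caller is not authenticated,
// 400 when the input is invalid, and no internal error detail in either response.
function handleExecute(rawBody, secret) {
  let payload;
  try { payload = verifyJwt(rawBody, secret); } catch (e) {
    return { status: 401, body: { error: 'unauthorized' } };
  }
  try { return { status: 200, body: validateArgs(payload) }; } catch (e) {
    return { status: 400, body: { error: 'invalid request' } };
  }
}

// Constructed sample: sign a payload with the shared secret for local testing.
function signSample(payload, secret, alg = 'HS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${enc({ alg, typ: 'JWT' })}.${enc(payload)}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}
```

In an Express app the raw JWT body would be read with a text body parser on that route and the secret loaded from a Heroku config var rather than from source code.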

Heads up: Ensure that your app complies with all relevant regulations, such as GDPR and CCPA.

Checklist for Security Review


  • Ensure your app uses secure protocols for data transmission
  • Validate user input to prevent potential vulnerabilities
  • Implement proper error handling
  • Use secure authentication and authorization mechanisms
  • Comply with all relevant regulations, such as GDPR and CCPA
  • Regularly review and update your app’s security measures

Frequently Asked Questions

What is the security review process for SFMC App Exchange?

The security review process involves reviewing the app’s architecture, data flows, and potential vulnerabilities to ensure compliance with Salesforce’s security standards.

How can I prepare for the security review?

To prepare for the security review, ensure your app follows best practices for security, such as using secure protocols for data transmission, validating user input, and implementing proper error handling.

What are the common security review issues?

Common security review issues include inadequate security measures, such as insufficient authentication, authorization, or data encryption.

How often should I review and update my app’s security measures?

It is recommended to regularly review and update your app’s security measures to ensure compliance with changing regulations and to prevent potential vulnerabilities.

Genetrix Technology · Salesforce Marketing Cloud Partner
