Third-party applications can pose a significant risk to a company. You are forced to trust the maintainer with sensitive data and access to internal networks. As a company scales, managing security across a fleet of third-party applications becomes difficult. Salesforce has reviewed over 4000 applications in the process of securing all apps listed on our AppExchange. Participants will learn the best practices around tooling, processes, and manual reviews that work at Salesforce. These practices have prevented thousands of vulnerabilities from reaching victims, and are flexible enough to mature as the threat landscape changes (goodbye TLS 1.0, hello credential stuffing). Through a combination of automation, manual review, and well-defined processes, you can drive down risk for your company.
“I like the technical work and the actual finding and fixing of bugs, but if you don’t get the process stuff right, the technical stuff goes to waste.”
Ryan Flood
About the speakers:
Ryan Flood Manager, ProdSec, Salesforce
Ryan Flood is a manager of product security at Salesforce and oversees the AppExchange security review process. Using the lessons he learned as a security reviewer within the AppExchange security process, he has made security education a top priority.
Prashanth Kannan Product Security Engineer, Salesforce
Prashanth Kannan is currently Product Security engineer at Salesforce. He is currently security engineer for Health cloud, Financial services cloud, and does Appexchange security reviews. Prior to this, he did his masters at Johns Hopkins University.