Review your Security Review results.

You will receive your Security Review results via the email address you provided when submitting your solution for Security Review. See below for further instructions based on your solution's result.

Pass Result

Congrats! You've completed the second milestone, Complete Security Review, and are now able to Publish Your Listing on the AppExchange!

Fail Result

If your product doesn't pass its first Security Review, don't fret! Half of all submitted offerings fail their first Security Review. Security isn't easy! If it were, we wouldn't actually need the Security Review process.

If your product doesn't pass its Security Review, you'll receive feedback as a report that lists the vulnerabilities that the security team found. The email you receive also has detailed instructions on how to fix these vulnerabilities.

The nice thing about the report is that it gives you specific descriptions of the issues it finds. It provides a hyperlinked table of contents at the top of the report that looks something like this:

a. SOQL Injection Vulnerability...
b. Sensitive Information in Debug Vulnerability...
c. Information Disclosure Vulnerability...
d. CRUD/FLS Enforcement Vulnerability...

Each entry is a type of security vulnerability. Beneath each entry is the name of the component where the vulnerability was discovered. Below the table of contents are detailed descriptions of each vulnerability. Clicking an entry takes you to the corresponding description.

The report lists every kind of vulnerability found in your product, but not every instance. If you see a SOQL injection vulnerability on the list, review all your code—not solely the component mentioned—for SOQL injection opportunities.

We can also alert you to the types of vulnerabilities we exploited to break into your solution, but we can't make an exhaustive list. Your team has a lot more expertise in your codebase anyway. So you can find these vulnerabilities faster than we can once you know that they exist.

We can only spend a limited amount of time finding vulnerabilities in your product. Sometimes when a solution is re-reviewed, we find some new kinds of vulnerabilities we didn't see the first time. Testing isn't comprehensive, either in width or depth. So when you review your codebase, keep your eyes peeled for all kinds of vulnerabilities, even those not in the report.
Commerce Cloud: ISV Partner Onboarding Guide