Jacob Rouser
Jul 11, 2019

We just released the second installment of our eight-part Road to the AppExchange series. For many looking to join the AppExchange, Security Review can be one of the most daunting parts of the process — without passing it, your application cannot go live on the AppExchange.

Sean Hogan, CodeScience CRO, and Ron Kiker, Business Analyst in our Expert Services team, joined forces to cover what you need to know to set your company up for success in the Security Review. We’re going to cover one of the six areas in today’s blog post. If you want to learn from Ron’s 50+ successful security reviews, you’ll have to register here.

Take Advantage of the Tools Available to You

Going through Security Review is unavoidable — and as Ron puts it, “everyone has to go through this, and you’re not alone.” The Security Review process is about trust. It ensures each application on the AppExchange is secure and will keep client data safe. Without this process, many enterprise organizations wouldn’t even be able to consider leveraging the AppExchange without a long vetting process.

Because every partner has to go through this process, Salesforce has put together quite a few different resources for partners. By taking the time to educate yourself on Salesforce’s philosophies and mechanics when it comes to security, you are better poised for success.

Here are a few key resources the team uses when onboarding a new client or ramping up a new employee going through the security review process for the first time:

  • ISVforce Guide
    • While the entirety of this guide can help answer many questions around the ISVforce program, this guide has a dedicated section on the Security Review and should serve as a reference if you’re getting stuck.
  • Security Review Module
    • A full Trailhead module that walks you through creating your security strategy in a way that aligns with Salesforce and shows you how to submit an app and list it on the AppExchange.
  • Develop Secure Web Apps Trail
    • This trail provides you with an “insecure” app and shows you how to fix the errors along the way. It covers the most common vulnerabilities applications face, such as CRUD/FLS violations, cross-site scripting, and cross-site request forgery.
  • Security Review Office Hours
    • These office hours are only available to current partners, but they give you the chance to talk with the Security Review team at Salesforce. If you’d like to book time with the team, you must submit your questions beforehand, so they have time to research your application or your specific use case.

Thirsty for more knowledge on this topic? To discover the rest of these expert-level insights around the trifecta of security (CRUD, FLS, and sharing rules), how documentation can accelerate your process, and how to best solve your error if your application is kicked back, register here. By registering once, you’ll get access to the entirety of this eight-part series as each video releases.


Are you looking for a partner in the Salesforce Ecosystem? CodeScience specializes in bringing commercial applications to the AppExchange. With over 220 applications launched, we know what it takes to help partners thrive. Contact us today!
