Force.com: Secure Cloud Development Varun Badhwar Force.com Security Manager
Safe Harbor Statement Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements including but not limited to statements concerning the potential market for our existing service offerings and future offerings. All of our forward-looking statements involve risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions proves incorrect, our results could differ materially from the results expressed or implied by the forward-looking statements we make. The risks and uncertainties referred to above include, but are not limited to, risks associated with possible fluctuations in our operating results and cash flows, rate of growth and anticipated revenue run rate, errors, interruptions or delays in our service or our Web hosting, our new business model, our history of operating losses, the possibility that we will not remain profitable, breach of our security measures, the emerging market in which we operate, our relatively limited operating history, our ability to hire, retain and motivate our employees and manage our growth, competition, our ability to continue to release and gain customer acceptance of new and improved versions of our service, customer and partner acceptance of the AppExchange, successful customer deployment and utilization of our services, unanticipated changes in our effective tax rate, fluctuations in the number of shares outstanding, the price of such shares, foreign currency exchange rates and interest rates. Further information on these and other factors that could affect our financial results is included in the reports on Forms 10-K, 10-Q and 8-K and in other filings we make with the Securities and Exchange Commission from time to time. These documents are available on the SEC Filings section of the Investor Information section of our website at www.salesforce.com/investor. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as required by law.
Agenda: Salesforce.com's Philosophy; Vision; Secure Cloud Development (Education, Secure Design, Secure Development, Secure Testing, Secure Release); Resources; Q&A
Salesforce.com Philosophy: The success of cloud computing is dependent on earning and maintaining customer trust. Protecting the privacy of customer data is salesforce.com's core value. Details available at: http://trust.salesforce.com/trust/security/
Vision. Value Trust as a Top Priority: create a security-conscious community encompassing developers and ISVs. Enabling Success: provide free educational resources, tools and processes that help deliver trusted Force.com applications. Reduce Development Costs: according to NIST*, eliminating a vulnerability at the design stage can cost 30 times less than fixing it after release. * NIST: The National Institute of Standards and Technology
Force.com Secure Cloud Development: a lifecycle of Education, Design, Develop, Test and Release, with security integrated seamlessly into your existing SDLC at each stage.
Secure Education. Overview of Force.com Security: learn about the sharing model and the various security controls available to org administrators. Developer Training: get educated on writing secure code on Force.com. Developer Quiz: assess your security awareness and learn to identify vulnerabilities within Force.com code.
Secure Design. Security Resources: generic Force.com articles and resources; topics include SAML, sharing, etc. Security Self-Assessment: receive a customized report with links to security articles and resources specific to your application architecture. Office Hours: receive free consultation from a member of the salesforce.com security team. Security Discussion Board: http://community.salesforce.com/t5/security/bd-p/security
Secure Development. Secure Coding Guidelines: obtain platform-specific (Force.com, Java, .NET, etc.) recommendations on mitigating security vulnerabilities such as XSS, injection, session management, etc. Secure Coding Library: an open source library for implementing additional security features (CRUD/FLS enforcement, input validation, output encoding, etc.), part of the OWASP Enterprise Security API (ESAPI).
Secure Testing. Force.com Security Source Scanner: an on-demand static source code analysis tool to help identify potential vulnerabilities within your Apex and Visualforce code. Web Application Security Scanner: integrating a web application with Force.com? AppExchange partners are entitled to receive a free license for Burp Suite Professional.
Secure Release. Salesforce.com Security Review: periodic security review of AppExchange and OEM applications; details published at: http://wiki.developerforce.com/index.php/Security_Review. Incident Response (Coming Soon): guidance on engaging with customers and salesforce.com in case of a security incident.
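The Secure Development slide lists the controls (sharing, CRUD/FLS, input handling for injection) without showing them in code. The following Apex class is an added example written for this page, not code from the slides or from the ESAPI for Force.com library; the class and method names are made up for illustration, and it uses only the standard Contact object with its Email field. It contrasts a SOQL-injectable query with two safe forms, and gates reads and writes on the running user's CRUD and field-level permissions.

```apex
// Added example for this page (not from the slides or from ESAPI for Force.com).
// "with sharing" makes SOQL and DML in this class honour the org's record
// sharing rules for the running user instead of running in system context.
public with sharing class SecureContactSearch {

    // Thrown when the running user lacks object or field permission.
    public class AccessDeniedException extends Exception {}

    // VULNERABLE: untrusted input is concatenated into dynamic SOQL.
    // Input such as  x' OR Name LIKE '%  closes the string literal and
    // rewrites the WHERE clause, returning records the caller never asked for.
    public static List<Contact> searchUnsafe(String lastName) {
        String soql = 'SELECT Id, Email FROM Contact WHERE LastName = \''
                    + lastName + '\'';
        return Database.query(soql);
    }

    // HARDENED (static SOQL): the bind variable :lastName is passed as data,
    // never parsed as query text, so quote characters cannot alter the query.
    // Before reading, confirm the user may read Contact and the Email field.
    public static List<Contact> searchSafe(String lastName) {
        if (!Schema.sObjectType.Contact.isAccessible()
            || !Schema.sObjectType.Contact.fields.Email.isAccessible()) {
            throw new AccessDeniedException('No read access to Contact.Email');
        }
        return [SELECT Id, Email FROM Contact WHERE LastName = :lastName];
    }

    // HARDENED (dynamic SOQL): Database.query resolves :binds from the
    // enclosing scope too, so the query string can stay free of user data.
    // Only when a literal truly must be concatenated should it be escaped
    // with String.escapeSingleQuotes, which backslash-escapes every quote.
    public static List<Contact> searchDynamic(String lastName) {
        if (!Schema.sObjectType.Contact.isAccessible()) {
            throw new AccessDeniedException('No read access to Contact');
        }
        String soql = 'SELECT Id, Email FROM Contact WHERE LastName = :lastName';
        return Database.query(soql);
    }

    // FLS on write: check object and field are updateable before the DML.
    // Sharing controls which records are visible; CRUD/FLS controls which
    // objects and fields may be read or written. Both checks are needed.
    public static void updateEmail(Id contactId, String newEmail) {
        if (!Schema.sObjectType.Contact.isUpdateable()
            || !Schema.sObjectType.Contact.fields.Email.isUpdateable()) {
            throw new AccessDeniedException('No update access to Contact.Email');
        }
        update new Contact(Id = contactId, Email = newEmail);
    }
}
```

Output encoding is the remaining control from that slide: in Visualforce, merge fields in standard components are HTML-encoded by default, so the XSS risk concentrates in places where that default is switched off (for example an `escape="false"` attribute or a value placed directly into JavaScript), which is where the ESAPI encoders and the source scanner's findings should be applied.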
Conclusion: free, ready-to-consume resources; a secure Force.com ecosystem; reduced development costs; a streamlined AppExchange security process, across every stage of the lifecycle (Education, Design, Develop, Test, Release).
Key Resources: Secure Cloud Development Home Page; On-Demand Security Source Code Scanner; Security Discussion Board; AppExchange Security Review; OWASP
Q&A Security Discussion Board: http://community.salesforce.com/t5/security/bd-p/security