+ Start a Discussion
RoundRound 

How to prepare security review for my app?

Hi all

 

We have developed a  live chat app integrated with Saleforce (Comm100 Live Chat, http://www.comm100.com/livechat/salesforce-integration.aspx). We use API access. Is it a Composite Salesforce app?  How to prepare the security review? Should I request the Burp License here? Should I pay the review fee before Burp License Request here? Our app is not free. 

 

Thanks 

 

 

 

Best Answer chosen by Admin (Salesforce Developers) 
aalbertaalbert

Please make sure to log a case in the partner portal. It should not take that long to get the BURP license. And you don't need to pay for the security review prior to receiving the burp license. 

All Answers

aalbertaalbert

A lot of this information can be found here: http://wiki.developerforce.com/page/Security_Review

 

But yes, please request a free Burp license to run test scans prior to submitting for security review. Also run the free Force.com code scanner. You will be required to submit both reports as part of the submission process. 

 

 

RoundRound

Hi, aalbert, 

 

Thanks for your reply.

 

But I still have some questions about the security review. Our app doesn't have a  package, then do we still need to run  the free Force.com code scanner? 

 

I have submitted my Burp license request but received no response wthin 7 business days, I have not paid the fee yet. Is that the reason?

 

Round

aalbertaalbert

No, you don't need to pay the security review fee to get the BURP license. Can you please log a case in the partner portal to check on why its taking so long to get the BURP license? 

 

Does your app not have a managed package because its API-Only? If so, you only need to run the BURP suite I believe. 

 

Thanks,

Andrew

RoundRound

Yes, our app is API-only. Our app is a paid one, so I think may be I need to pay the review fee before get Burp License.

aalbertaalbert

Please make sure to log a case in the partner portal. It should not take that long to get the BURP license. And you don't need to pay for the security review prior to receiving the burp license. 

This was selected as the best answer
RoundRound

I have logged a case on 25th Jun, but I have not received any response yet.