You need to sign in to do that
Don't have an account?
johnsmth
Web Scanner report and Security Review
Hi All,
I have build a application that call some external API in schedule jobs. I want to publish this app as free app on appexchange. From quite a long time I am stucked in clearing security review. I have scanned the API calls using burp tool and it has provided below 2 issues of Information severity.
1. Email addresses disclosed
2. SSL certificate
I do not consider these issues as valid issues. Now submitting app review process require report and false positive documents. My queries are
1. Will they raise any concerns on above issues
2. What is false positive document. Can any one share a sample document with me.
Thanks
Parul
I have build a application that call some external API in schedule jobs. I want to publish this app as free app on appexchange. From quite a long time I am stucked in clearing security review. I have scanned the API calls using burp tool and it has provided below 2 issues of Information severity.
1. Email addresses disclosed
2. SSL certificate
I do not consider these issues as valid issues. Now submitting app review process require report and false positive documents. My queries are
1. Will they raise any concerns on above issues
2. What is false positive document. Can any one share a sample document with me.
Thanks
Parul
As you need to clear all security issue before and have to summit a fee for AppExchage listing. Salesforce provides support in clearing these security issue and they will help you in your case.
Thanks for your response.
My Application is free APP so I believe I do not have to pay any fee. I create a support case with Salesforce support said that we have to fix clear report or otherwise provide false positive document.
I want to know what is false positive document and anyone has sample format of this document.
Regards
Ankur