Saravanan @Creation

Burp scan run

Hi All,

Salesforce have asked me to do a BURP Scan on my managed package before I submit it to the AppExchange.
My Managed Package is built on the Force.com platform. It does perform a couple of callouts to other applications.
I have a license and was able to launch BURP.

Here's what I have tried (based on this tutorial - http://security.force.com/security/tools/webapp/burptut ):

I have added login.salesforce.com to scope.
Logged into Salesforce and spidered the org URL where I have my managed package.
Finally, I have run the scanner on my org URL.
I have tried this, but the Burp Scanner aborted the scan and displayed "abandoned - too many errors".

Do I need to scan my whole Salesforce org, or is it enough to only scan my Visualforce pages?

And I have one more doubt. I am calling out to the Google Maps API to find locations in my app. I am using this in only 3 pages in my app.

So, is it enough to scan only those 3 pages? And do I have to run the scan on my page URL or the page source code?


Thanks in advance!!
salesforcelearner1
Hi Saravanan,

I'm facing the same issue. I have submitted my application for Security review. Did you solve your issue? Can you please guide me on how to solve this?

Thanks in advance.