function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Burp Scan Necessary?

I am looking to list an app I developed on the appExchange.  The app contains a VF component with a js library that talks to a label printer and also includes a few JS remoting calls to fetch some data from the component controller.  Does this fit within the context of a web service, therefore requiring a burp scan for the app security review?  It doesn't seem to me that it would, but I'm a little bit confused.


Hello Bryan,


The Burp tool must only be used to evaluate the security of your web application that resides outside of (e.g. For applications residing completely on (e.g., etc.), please use the Source Source Scanner . So i don't think that you need a Burp scan.

Please note that you are not permitted to run this tool against any servers owned and operated by, without prior written approval.


For details please refer below link: