You need to sign in to do that
Don't have an account?
Saravanan @Creation
Burp scan run
Hi All,
Salesforce have asked me to do a BURP Scan on my managed package before I submit it to the AppExchange.
My Managed Package is built on the Force.com platform. It does perform a couple of callouts to other applications.
I have a license and was able to launch BURP.
Here's what I have tried (based on this tutorial - http://security.force.com/security/tools/webapp/burptut ):
I have added login.salesforce.com to scope
Logging into salesforce and Spider the Org url where i have my managed package
Finally, I have run scanner on my Org url.
I have tried this,But the Burp Scanner aborted the scan and displayed "abandoned - too many errors".
Should I need to scan mywhole salesforce Org or Is it enough to only scan my Visualforce pages ?
And I have one more doubt. I am calling out GoogleMaps API to find location in my app. I am using this in only 3 pages in my app.
So, Is that enough to scan only those 3 pages ? And do I have to run scan on my page url or page sourcecode ?
Thanks in advance!!
Salesforce have asked me to do a BURP Scan on my managed package before I submit it to the AppExchange.
My Managed Package is built on the Force.com platform. It does perform a couple of callouts to other applications.
I have a license and was able to launch BURP.
Here's what I have tried (based on this tutorial - http://security.force.com/security/tools/webapp/burptut ):
I have added login.salesforce.com to scope
Logging into salesforce and Spider the Org url where i have my managed package
Finally, I have run scanner on my Org url.
I have tried this,But the Burp Scanner aborted the scan and displayed "abandoned - too many errors".
Should I need to scan mywhole salesforce Org or Is it enough to only scan my Visualforce pages ?
And I have one more doubt. I am calling out GoogleMaps API to find location in my app. I am using this in only 3 pages in my app.
So, Is that enough to scan only those 3 pages ? And do I have to run scan on my page url or page sourcecode ?
Thanks in advance!!
I'm facing the same issue. I have submitted my application for Secuirty review . Did you solved your issue. Can you please guide me how to solve this.
Thanks in advance.