Security Review : problem by Impact showing half as "Spoofing Identity" and other half "Tampering with Data"
I am facing a similar problem, my package doesnot contain any VF page and has 02 apex class (where the isUpdateable() is used) for updating the values in the Custom fields in custom object
and 01 Trigger (to Create Task and email notification)
(Also the Test classes for the two apex classes and Trigger; so total of 05 Apex Classes)
On submission to the Force.com Scanner, my a report is returning "Problems by Impact" as half red for "Spoofing Identity" and other half "Tampering with Data"
and on the "Problems by Files" it is indicating the 01 Test Class
I need some help. We developed a Composite (Hosted) application that integrates with Salesforce. It's time for security review submission. We went through the requirements - http://wiki.developerforce.com/index.php/Security_Review. OWASP Top Ten Checklist and Requirements Checklist evaluated. We have followd the policies described on the page as closely as possible but we do not meet all of them a 100 %. For example we do not have a company wide security policy.
We have also run the Burp scanner.
Is there anything else that we should do?
Does Salesforce require a minimum unit tests code coverage for Composite (Hosted) applications? Does Salesforce require any information about our security policies prior to security review and if so, what kind of information?
Thank you in advance!