All posts of Lorenzo

3 things that most teams miss during code review

As Clayton’s founder, I have been working with dozens of Salesforce teams throughout my career. As I look at how they manage their code reviews, there are 3 things that most of them miss. In this short blog post I will share them with you. CRUD/FLS violations This simply means that the object and field-level […]

Become a Salesforce Security Champion: 3 steps to get you started

Why every Salesforce development team needs a Security Champion. “Security Champion” is a concept made popular by the Open Web Application Security Project (OWASP). Security Champions are members of a development team who take direct responsibility for security and actively promote security best practices. With more and more data moving to the cloud, the need […]

[Survey] Help us understand the state of secure development in the Salesforce ecosystem

Companies of all sizes and industries are using Salesforce across departments to run their businesses faster. As the number of Salesforce applications grows, and more customer data shifts to the Cloud, application security becomes even more crucial. Are you a Salesforce expert? Share your opinion on this matter. We are asking Salesforce professionals for their […]

How to choose your Salesforce static analysis tool

What is static code analysis? Static code analysis tools can process application source code automatically and help identify problems and security flaws, estimate technical debt, etc. Such tools process large amounts of code in a very scalable way and enforce checks systematically; for this reason, they can be instrumental to your technical debt management strategy. How […]

What we learnt scanning 10.2 billion lines of Salesforce code

We find one serious security problem every 39,000 lines of code; this affects, on average, 2 orgs out of 5. At Clayton, we examine tens of millions of lines of code and configuration every day, looking for security vulnerabilities and anti-patterns before they put our customers’ Salesforce investments at risk.