US English (US)
ES Spanish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Log in
English (US)
US English (US)
ES Spanish
  • Home
  • About Us
  • Who is RIO Education?

RIO Education AppExchange Listing

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • About Us
    Who is RIO Education? RIO Events Start Your RIO Journey Experience RIO in action Customer go-live events Our Partners Housekeeping
  • RIO Insights
    Careers
  • RIO Recipe
    Project Management & Governance Discovery Design & Prototype Build & Implementation UAT Deployment & Metadata RIO Recipe: Training
  • RIO Academy
    RIO Partner Enablement Program RIO Challenge V2 Learning Material Video Guides
  • Install RIO Education
    Configuration Integration with RIO Extension Package Installer Products
  • Releases
    Release Notes
  • Support
    Support FAQs Feature Articles Deep Dive Updates for other products
+ More

Table of Contents

Design and Development Automated Scanning Tool Security Review AppExchange New Release


RIO Education is a native Salesforce Student Information System (SIS, SMS) listed on the AppExchange. See it here.

For the solution to be listed on the AppExchange, RIO Education has to go through Salesforce's security review process and pass it. The security review ensures that the solution we publish on the AppExchange meets industry security best practices.  

This article outlines the series of processes that RIO Education went through before it can be publicly listed as a solution in the AppExchange.


Design and Development

Only solutions that pass the AppExchange security review will be approved. Hence, the solution design and development of RIO Education were done based on the following guides:

  • Security Guidelines for Apex and VisualForce Development.
  • Apex & VisualForce Security Tips.
  • Lightning Aura Components Developer Guide.
  • Secure Coding Guide.
  • B2C Commerce Security Best Practices for Developers.
  • AppExchange Security Requirement Checklist (requires a Salesforce login to view).  


Throughout the development lifecycle, an automated scanning tool was also used to constantly test/check the codes (please see below for more information) to ensure that the codes comply with Salesforce quality and security standards. 


Automated Scanning Tool

Source Code Scanner, which is also referred to as the Checkmarx scanner, was used to scan and detect for any possible quality and security issues in the solution. 

The scanner assisted in:

  • Quality profile - detecting common Apex coding and design issues e.g. DML statements inside loops, SOQL/SOSL inside loops etc. (please read more in the link below). 
  • Security profile - detecting security vulnerabilities e.g. Cross Site Scripting (reflected, stored, and DOM based), SOQL/SOSL Injection etc. (please read more in the link below).


This was to ensure that all issues can be identified and addressed prior to the AppExchange security review.

For more information on the scanner, please click here.



Security Review

Only when the scanned results are clean, we proceeded to the next stage; the AppExchange security review.

In order to continue with the security review, RIO Education solution was packaged (in managed packaged) and installed into a Salesforce test environment. 

The test environment was then handed over to the Security review team for reviewing/checking/testing.

Any security vulnerabilities reported were attended/fixed and resubmitted for follow-up review. This process continued until there were no further actions required and the solution has fully passed the review/test.

For more information, please click here.



AppExchange

When the solution passed the security review, only then it could be publicly listed in the AppExchange.


New Release

Any new releases have and will go through the same process as above.




is rio education listed on the appexchange rio education salesforce/appexchange security review

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • RIO Education Features Detail
  • Features Snapshot
  • Our Technology Partners
  • Faculty using Lightning Platform Starter & Cases
RIO Education

RIO Education Inc, a WDCi Company. This information is proprietary, confidential and protected by copyright ©2023.

CONTACT

E:  getinfo@wdcigroup.net

  • Privacy
  • Terms of service

Definition by Author

0
0
Expand