Clayton
Your guide to Clayton
What is Clayton?
Adding team members
Planning your Clayton trial
Clayton quick start guide
Understanding Scan results
Clayton and Gearset Support Integration
Guides and Tutorials
Go Live Checklist
Clayton Connections
Create a new Project
Clayton Policies Explained
Customize your project settings
Project Protection Criteria
Trigger your first review
Use native ZIP functions over Zippex
Hardcoded secret
Passwords set programmatically
Avoid Using HTTP Referer Headers
Flow Access Restriction
Email spamming risk
Insecure sharing to external users
Server-side Payload Injection
User Registration Without Limits
LWC Clickjacking on CSS
Import of sensitive fields in Lightning Web Components (LWC)
Direct DOM manipulation in Lightning Web Components (LWC)
Sensitive information storage
Sensitive information logging
Excessive data access permissions
Subresource integrity
Content Security Policy (CSP)
Insecure endpoints
Named credentials
Randomization of cryptographic keys
Use of Session storage and Local storage
Use of Session ID in Visualforce
Multiple automation on the same object
Multiple record-triggered flows on the same object
Call to blocklisted method
Missing fault path in Flows
Identify methods with global visibility
Asynchronous methods in loops
Boundaries on SOQL statements
Bulkification of triggers
Business logic in triggers
Metadata API recency
Multiple triggers per object
Number of arguments per method
Send email in loops
Inefficient Calls to Schema.getGlobalDescribe
Use of spaces in attribute class selectors
Non-selective SOQL queries on large objects
Database changes in Flow loop paths