Best practices for security
Code Reviews - Hardcoded secret
Code Reviews Rules - Passwords set programmatically
Code Reviews Rules - Avoid Using HTTP Referer Headers
Code Reviews Rules - Email spamming risk
Insecure sharing to external users
Code Reviews Rules - Server-side Payload Injection
Code Reviews Rules - User Registration Without Limits
Code Reviews Rules - LWC Clickjacking on CSS
Code Reviews Rules - Import of sensitive fields in Lightning Web Components (LWC)
Code Reviews Rules - Direct DOM manipulation in Lightning Web Components (LWC)
Code Review Rules - Sensitive information storage
Sensitive information logging
Code Review Rules - Excessive data access permissions
Subresource integrity
Content Security Policy (CSP)
Insecure endpoints
Named credentials
Randomization of cryptographic keys
Use of Session storage and Local storage
Use of Session ID in Visualforce
Missing access restrictions in flows