Security best practices
Best practices for security
Clayton Rules - Hardcoded secret
Clayton Rules - Passwords set programmatically
Clayton Rules - Avoid Using HTTP Referer Headers
Clayton Rules - Email spamming risk
Insecure sharing to external users
Clayton Rules - Server-side Payload Injection
Clayton Rules - User Registration Without Limits
Clayton Rules - LWC Clickjacking on CSS
Clayton Rules - Import of sensitive fields in Lightning Web Components (LWC)
Clayton Rules - Direct DOM manipulation in Lightning Web Components (LWC)
Clayton Rules - Sensitive information storage
Sensitive information logging
Clayton Rules - Excessive data access permissions
Subresource integrity
Content Security Policy (CSP)
Insecure endpoints
Named credentials
Randomization of cryptographic keys
Use of Session storage and Local storage
Use of Session ID in Visualforce
Missing access restrictions in flows