AppXsecurity Academy Learning Paths

Cross-site scripting (XSS)
    What is XSS?
    How does XSS work?
    Reflected XSS
    Stored XSS
    DOM-based XSS
    How to prevent XSS

SOQL Injection
    What is SOQL Injection?
    How does SOQL Injection work?
    How to prevent SOQL Injection

CRUD/FLS
    What is CRUD/FLS?
    How to enforce CRUD/FLS

Sharing Violation
    What is Sharing Violation?
    How to prevent Sharing Violations

Cross-site request forgery (CSRF)
    What is CSRF?
    How to prevent CSRF

Open Redirect
    What is Open Redirect?
    How to prevent Open Redirect

Insecure Secrets Management
    What is Insecure Secrets Management?
    How to securely manage secrets

Misconfiguration Abuse in Apex Callout Proxy
    What is an Apex callout relay proxy anti-pattern?
    How to secure Apex outbound relay logic

Unauthorized Outbound Access via Remote Site Settings Misconfiguration
    What is endpoint over-configurability risk?
    How to secure Remote Site endpoint selection

Unauthorized Record Access via Inherited Sharing Call Chains
    What is inherited sharing call-chain confusion?
    How to secure inherited-sharing call paths

Session Token Leakage in Outbound Messages
    What is outbound SessionID leakage?
    How to prevent session token leakage in outbound flows

Information Disclosure via Dynamic Object and Field Enumeration
    What is dynamic metadata info disclosure?
    How to secure dynamic object/field metadata APIs

postMessage Origin Validation Bypass in LWC
    What is postMessage origin bypass?
    How to secure postMessage handling in LWC

Exploiting Exposed Lightning Message Channels
    What is LMS channel abuse?
    How to secure exposed LMS channels

Cross-Package Privilege Escalation via @namespaceAccessible
    What is cross-package privilege abuse?
    How to secure namespace-accessible APIs

MCP Remote Server Security Misconfigurations
    What are MCP remote endpoint risks?
    How to test MCP remote endpoints

Insecure Use of High Privilege Methods
    What are high privilege method risks?
    How to secure privileged operations

Insecure PII Storage
    What is Insecure PII Storage?
    How to securely store PII

Insecure Loading of Static Resources
    What is Insecure Loading of Static Resources?
    How to securely load static resources

Unauthorised Use of SessionID
    What is Unauthorised Use of SessionID?
    How to prevent Unauthorised SessionID use

JS in Salesforce DOM
    What is JS in Salesforce DOM?
    How to prevent JS DOM vulnerabilities

All Topics

Getting started with the AppXsecurity Academy