092: Data Security with Alba Rivas

Alba Rivas is a Lead Developer Evangelist at Salesforce and former Salesforce MVP. While in the past, Alba has presented frequently on migrating to Lightning Web Components  (LWC) - today, she talks about data security on the platform. We chat about some best practices to prevent leaking data or creating dangerous app security vulnerabilities when coding with Apex and with LWC. She also shares some tips and tricks for handling secrets in encryption. Alba believes any developer should think about data security right from the very beginning and that applying best practices is crucial for having a high quality application to prevent vulnerabilities and attacks, which could be a big issue for any company. Show Highlights:   Moving from Visualforce to Lightning Web Components (LWC) Creating a Trailhead Module  CRUD field level security vs. record level security The importance of Apex and how it works within SQL queries How to use schema to check if somebody has access to a record What the Apex recipes project does and what functions support security What Apex’s pilot user mode does and what the SOQL injection is for An example of a successful injection attack and what it does to a web application  What is a cross-site scripting attack? Lightning Locker vs. content security policy (CSP) How to enforce security in LWC Some edge cases LWC developers need to worry about Tips for securing data back in the database itself and protecting custom metadata   Links: Migrating Visualforce to LWC Alba on Twitter: @AlbaSFDC Alba on Linkedin: https://www.linkedin.com/in/alba-rivas/ Alba on Github: https://github.com/albarivas Alba's post on security: https://developer.salesforce.com/blogs/2021/07/security-for-salesforce-developers.html