Docusign rest api scanning using ZAP for managed package in Salesforce - Forcetalks

Tagged: Docusign, Managed Package, Rest API, Salesforce REST API, Salesforce Security Review, Security Review Process in Salesforce, Zap

Salesforce® Discussions

Docusign rest api scanning using ZAP for managed package in Salesforce

Posted by Anshuman on March 10, 2018 at 6:06 AM

Hi All,

I have a managed package which is consuming Docusign rest APIs so for submitting our app for security review we are required to submit external endpoints scan results. We are using ZAP for scanning, already setup proxies but we are not sure exact steps to scan Docusign endpoints for security review. If anyone has done so then please let me know.

I tried to open DocuSign app link in the browser (where I had set up proxies) and downloaded the scan results which has some “medium” and “low” category issues but as these issues are not from our end so how can we resolve them. Also, we are calling some specific endpoints of DocuSign from Apex, is there any to directly scan them?

Thanks!

Anshuman replied 8 years, 2 months ago 1 Member · 0 Replies
0 Replies

Log In to reply.