how to launch your appexchange app at dreamforce

36
New Customers Around Every Corner The Importance of a Dreamforce AppExchange Launch

Upload: codescience

Post on 23-Jan-2018

306 views

Category:

Technology


2 download

TRANSCRIPT

Page 1: How to Launch Your AppExchange App at Dreamforce

New Customers Around Every Corner

The Importance of a Dreamforce AppExchange Launch

Page 2: How to Launch Your AppExchange App at Dreamforce

Hana Mandapat

Director of Marketing, AppExchange Partner Program

Page 3: How to Launch Your AppExchange App at Dreamforce

Forward Looking Statement

Safe harbor statement under the Private Securities Litigation Reform Act of 1995:

This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.

The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.

Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Page 4: How to Launch Your AppExchange App at Dreamforce

Salesforce AppExchange Advantage

With the #1 Ecosystem

3K+ AppExchange Apps

Resources, Events, Partnerships, BrandAccess to Customers Access to Ecosystem100+ Countries, SMB to Enterprise

More Secure Apps

1 Trusted Platform150K+ Salesforce

Customers

Access to TechnologyPlatform, Workflows, APIs

Page 5: How to Launch Your AppExchange App at Dreamforce
Page 6: How to Launch Your AppExchange App at Dreamforce

Bob MarshCEO

● Launched sales performance app at at Dreamforce 2012

● Cohesive experience across booth, meeting room and marketing collateral

● Consistent ROI from Dreamforce investment; 6-week payback in 2015

Page 7: How to Launch Your AppExchange App at Dreamforce

Geoji GeorgeSVP, Strategy & Alliances

● Launched “Order to Cash” work management solution at Dreamforce 2016

● Increased quality leads to drive new deal pipeline throughout the year

● Developed connections with other partners and Salesforce at the event

Page 8: How to Launch Your AppExchange App at Dreamforce

Manishi Singh

Senior Director, AppExchange Technical Evangelism, Salesforce

Page 9: How to Launch Your AppExchange App at Dreamforce

“Nothing is more important to our company than the privacy of our customers’ data”

Parker HarrisCo-Founder and CTO

Page 10: How to Launch Your AppExchange App at Dreamforce

Security Review is a benefit!

Meet the security expectations of enterprise customers

Become a member of a trusted ecosystem of app vendors

Make security a primary concern of your business

It helps you sell to enterprise companies

Page 11: How to Launch Your AppExchange App at Dreamforce

EducationGetting started with web application security

● Partner Community - Education - Security Review● OWASP

○ Open Web Application Security Project○ OWASP Top Ten

● Trust Academy courses○ e.g. SR101, SECDEV1, SECDEV2

● Security team○ Security Office Hours○ [email protected]

● SR Operations team○ SR Submission office hours

● Fun ways to learn○ Google XSS Game○ bWAPP - an extremely buggy web app

Page 12: How to Launch Your AppExchange App at Dreamforce

Testing

Adversary Testing

● Not unit/functional/regression testing

● Testers should be playing the role of a hacker/adversary

● Testers should be looking to exploit the application

Their goal should be to extract data they don’t have permission to access

Automated Testing

● Static Code Analysis○ Force.com Code Scanner / CheckMarx

● Web Application Scanners○ ZAP (OWASP Zed Attack Proxy)○ Chimera

● Other○ nMap, nikto, Qualys SSL Labs

Manual Testing

● Code reviews, input/parameter testing● Interactive Sessions with Web Application

Scanners / Network Protocol Analysis tools

Automated tools are no substitute for

manual testing!

Page 13: How to Launch Your AppExchange App at Dreamforce

Security Review

● Standards based● Adversary focused● Enterprise Level

Your app must pass Security Review before we test it

Mandatory for all ISV Apps!

Page 14: How to Launch Your AppExchange App at Dreamforce

Security Review Process

Note:The quality of the Security Review submission has significant impact on the amount of time it can take to review an application.

The largest delay in the process occurs in between test cycles when the partner is fixing issues identified during the review.

ISV Partner

Submit for SR via Partner Community

SR Operations

Process submission

Security Team

Waiting in queue

Security Team

Perform tests & validate results

SR Operations

Notify partner of result

Page 15: How to Launch Your AppExchange App at Dreamforce

What is the scope of the review?It’s everything inside the red box - Anything a new customer would need

Page 16: How to Launch Your AppExchange App at Dreamforce

Security Review requirementsAppExchange Top 10

Cross Site Scripting (XSS)

CRUD/FLS (Access control)

Information Disclosure

Cross Site Request Forgery (CSRF)

Sharing violation

Sensitive data leakage

Authorization

Broken session management

SSL Configuration

Sensitive Information in Debug

OWASP Top 10

Injection

Broken Authentication and Session Mgmt

Cross Site Scripting (XSS)

Insecure Direct Object References

Security Misconfiguration

Sensitive data exposure

Missing Function Level Access Control

Cross Site Request Forgery (CSRF)

Using Known Vulnerable Components

Unvalidated Redirects and Forwards

Page 17: How to Launch Your AppExchange App at Dreamforce

Make sure we have everything we need to test your app

Complete end-to-end testing environment for all elements of solution

Correct credentials to all systems

Test account, web app, other

Apex / Visualforce scanner report (Checkmarx)

ZAP or Chimera report

False positive documentation

Page 18: How to Launch Your AppExchange App at Dreamforce

Submission Requirements

Requirements NativeNative + Lightning Components

Composite Web App/Service

Client Composite Mobile/Client

API Only

Force.com environment

Yes Yes(With components configured for testing)

Yes Yes Yes

External components / credentials

Yese.g. urls, credentials

Yese.g. link to APK

Yese.g. urls, credentials

Managed package

Yes Yes Yes

Force.com code scanner report

Yes Yes Yes

ZAP/Burp/Chimera report

Yes Yes(ZAP/Burp)

Yes

False positive report

If required If required If required If required If required

Documentation Recommended Recommended Recommended Recommended Recommended

Page 19: How to Launch Your AppExchange App at Dreamforce

Interpreting results

Sorry! Your app failed

Don’t panic!• Product Security Office Hours• The report is focused on breadth, not depth. Test

is time-boxed*• Conduct a comprehensive review - make required

fixes• Re-run reports (Checkmarx, ZAP/Burp/Chimera)• Ensure the test environment has the latest package

version• Schedule a follow-up Security Review

Congratulations! Your app passed

Next steps• Get to work on Trialforce/Templates (if

applicable), TSO/Templates require a Security Review as well

• Complete your AppExchange listing• Market/Sell/Succeed!

*We can’t include every instance of a vulnerability/issue in the report

Page 21: How to Launch Your AppExchange App at Dreamforce

Get to Market Faster with a Certified PDOSalesforce app development experts to help

Architecture Design

Integration and App Development

Performance Optimization

Security Review Consultation

35+ PDOs available across the globe

Page 22: How to Launch Your AppExchange App at Dreamforce

Brian Walsh

CEO, CodeScience

Page 23: How to Launch Your AppExchange App at Dreamforce

● Founding partner in the Salesforce Product Development Outsourcing (PDO) Program since 2008

● PDO Program provides app development services to ISVs for Salesforce AppExchange

● Partnered with many clients in various industries to assist in building 100+ apps on the AppExchange

● Certified as PDO Master in 2017

● Clients range from 3 person start-ups to a Fortune 3 company

Page 24: How to Launch Your AppExchange App at Dreamforce

Security review submission cutoffAUGUST 25, 2017

Page 25: How to Launch Your AppExchange App at Dreamforce

Design considerations● Pick the cloud you want to build

○ App Cloud, Sales Cloud, Service Cloud, Marketing Cloud, Health Cloud, Financial Services

Cloud

● Consider your license model○ Connector, Checkout, ISVforce, OEM

● Clicks over code

● Lightning first

● Think of your Salesforce Administrator as a critical persona○ How you install and configure is the first experience in your application

Page 26: How to Launch Your AppExchange App at Dreamforce

Tips and tricks● You can still develop your application after submission

○ Must be demonstrable of functionality and integrations○ You should branch your code as you may have to make changes for resubmission

● PDEs are free○ Use a continuous integration pattern that will enable each dev to have their own org

● Your managed package should be clean○ Only package functionality, data models, and code that you actually need○ Only use functionality that is actually required (ex: Chatter, Leads, Opportunities)

● Provide the SecRev team tons of instruction○ Youtube videos on how to use your app are great!

● Gather feedback early and often○ Use a PDE!○ Install a package in a sandbox

Page 27: How to Launch Your AppExchange App at Dreamforce

What to do for Dreamforce1. Configure your AppExchange listing

2. Setup Trialforce

3. Have a success story!a. Gather feedback early from prospects via PDEs or installing in their sandboxes

4. Show don’t tella. Demo the app for prospects

Page 28: How to Launch Your AppExchange App at Dreamforce

PDOs can assist● Certified at building products

● Understand the commercial process

● Can spin up a team quickly

● Can assist in initial customer implementations

● https://appexchange.salesforce.com/consulting

Page 29: How to Launch Your AppExchange App at Dreamforce

CodeScience Difference● Only PDO with Master designation

● AppExchange Accelerator○ Collection of code and process for AppExchange products○ InstallScience is an installation wizard that can be easily configured○ BuildScience for managing continuous integration○ CRUD/FLS and Lightning frameworks

● We guarantee our code will pass Security Review● Have an App already?

○ Extension packages○ SDKs○ New features for Dreamforce

Page 31: How to Launch Your AppExchange App at Dreamforce

Lauren Clark

Senior Partner Marketing ManagerSalesforce

Page 32: How to Launch Your AppExchange App at Dreamforce

Why Sponsor Dreamforce?As a Dreamforce sponsor, we look forward to helping you…

grow your business evangelize customer success

accelerate results

Page 33: How to Launch Your AppExchange App at Dreamforce

Dreamforce Demographics

1 –Attendee Type missing percentage is for booth staff and labor

Page 35: How to Launch Your AppExchange App at Dreamforce

Contact your Partner Account Manager Today!Email questions to: [email protected]

Page 36: How to Launch Your AppExchange App at Dreamforce

Thank Y u