- Step by Step guide on how to build and publish app - Ensure the app meets all security standards - Ensure customer requirements are met over - Ensure customer support is round the clock and the best - Listen to customer requirements and add them in your road-map - And at last, always follow-up with your client to garner reviews and share your app in their circle

1. Develop & publish “5 star”
AppExchange app

2. 2
I’m Chirag Mehta
I am here because I love to share!
Namaste!
You can find me at
@chiragmehta84
@chiragmehta84
@chiragmehta84
chirag@satrangtech.com

3. Idea!!!!!
We all go one, isn’t :)
3

4. Idea to Execution
❖ Believe in Yourself
❖ Create Your Own Personal Board of Advisors
❖ Embrace Risk as Your Best Friend
❖ Be Extremely Patient
❖ Learn How to Sell Your Vision
❖ Connect the Dots Along the Way
❖ Be Passionate With Your Pursuit
❖ Be Purposeful
❖ Always Make the Idea Better
Reference : http://bit.ly/2fbfBuH
4

5. ”
To me, ideas are worth nothing
unless executed. They are just a
multiplier. Execution is worth
millions.
5

6. Develop
Most essential we consider, but is least time consuming part of app building.
6

7. Development Life Cycle
Development
Do development.
QA
Sanity and
Regression
testing.
Packaging
Release beta and
major package
versions.
7

8. ”
if everyone is moving forward
together then success takes care of
itself.
8

9. Security
Really ???
9

10. Security Review
Force.com
Security Scanner
Scan and fix
vulnerabilities
Read more @
https://security.secure.for
ce.com/sourcescanner/
Web Application
Scanner (ZAP)
External
Integrations
Read more @
https://security.secure.for
ce.com/security/tools/web
app/burpabout
Best Practices
Adhere and follow
best practices.
10

11. Read more @ https://security.secure.force.com/security/tools/forcecom/scannerhelp
Add Topics : Retire.js, False +ve/-ve, Support Case, Security Office Hours etc
Quality Profile:
The Force.com Security Source Scanner will detect the following
common Apex coding and design issues:
● DML statements inside loops
● SOQL/SOSL inside loops
● Hardcoding Trigger.new[0]
● Hardcoding Trigger.old[0]
● Queries with no Where clause or no LIMIT clause
● Not bulkifying apex methods
● Async (@future) methods inside loops
● Hardcoding IDs
● Multiple triggers on same object
● Static Resource referencing
● Multiple Visualforce forms in the same page
● Test methods without assert
Additional Info
Security Profile:
The scanner will help to detect the following security vulnerability
types:
● Cross Site Scripting (reflected, stored, and DOM based)
● SOQL/SOSL Injection
● Access Control Issues (Sharing, FLS)
● Cross site request forgery attacks
● Arbitrary Redirects
● Overly permissive postMessage targets
11

12. ”
Security review is not a burden, it's a
necessity to ensure customer
success.
12

13. Support
13
Most important part of app success!

14. Support
App Notes
- Configuration
Guides
- Release Notes
- Videos
- Tutorial
- FAQ’s
Reach out
- Customers
- Seek feedback
- ISV Org
14
Updates
- Listen to
customer
- Make new
releases
- Address
customer
requirements
Ticket/Case
- Support
System
- Round the
clock support
- Instant
replies

15. ”
Delivery Management is more
important than Project
Management.
15

16. Resources
Zap Scanner : https://security.secure.force.com/security/tools/webapp/burpabout
Force.com Scanner : https://security.secure.force.com/sourcescanner/
Force.com Scanner Help (FAQs) : https://security.secure.force.com/security/tools/forcecom/scannerhelp
ISV Security Review (Trailhead Module) : https://trailhead.salesforce.com/en/modules/isv_security_review
Build Apps as an AppExchange Partner (Trailhead Trail) : https://trailhead.salesforce.com/en/trails/isv_developer_beginner
AppExchange : https://appexchange.salesforce.com/
Security Office Hours : https://security.secure.force.com/security/contact/ohours
Reite JS : Retire.js
16

17. My Apps ….17

18. 18
THANKS!
Any questions?
You can find me at
@chiragmehta84
@chiragmehta84
@chiragmehta84
chirag@satrangtech.com