Salesforce B2C Commerce 24.7 > B2C Commerce Security Guide > Security Best Practices for Developers

Supply Chain Security

Unverified software sources included through uploads and external linking represent potential vectors for attack.

Code Uploads
Uploading code is a sensitive operation. Any possibility of uploading untrusted code opens the doors for malicious actors to access most of your realm’s data and capabilities, which adversely affects the confidentiality, integrity, and availability of your site and customers’ data.
Third-Party Libraries
Third-party software is regularly integrated into custom code to easily add features and increase the speed to take a product to market. This practice comes at the risk of including unwanted or insecure libraries into the storefront code. Even SiteGenesis and SFRA include a number of third-party libraries. When incorporated into your custom code, they require close monitoring for potential issues and vulnerabilities.
Salesforce Commerce Cloud D2C: Quick Start Guide
Learn how to build, customize, and launch a fully functional D2C store using Salesforce Commerce Cloud. From initial setup to branding, product configuration, and checkout optimization, this course will equip you with the skills to go live fast and scale.
Remotely Hosted Resources
Supply chain attacks are more common in the ecommerce space today. For example, Magecart often targets third-party, remotely hosted resources to install drivebys that skim sensitive information entered on a webpage. Using only JavaScript, attackers can mine cryptocurrencies, assert machines into a DDoS network as subordinates, and even attempt to install malware directly onto the client machine for further control and compromise.
Salesforce Javascript Developer I - Certification Tests
Not just another prep course—this is your shortcut to passing. Tackle 80+ handpicked questions, plus a final timed test that mirrors the real exam. Master JavaScript for Salesforce and go from 'hoping to pass' to knowing you will. Ready to start?