Skip to content
Back to Blog
Integration

What is a Web Application Scanner?

Feb 17, 2025
AAppnigma
What is a Web Application Scanner?

A web application scanner is a security tool that scans and tests external endpoints of a web application to identify vulnerabilities such as cross-site scripting (XSS), SQL injection, and security misconfigurations. Salesforce requires you to use a web application scanner when submitting a solution for security review, especially if your solution connects to external endpoints.

Salesforce provides access to Chimera, a scanner that tests external endpoints from Salesforce IP addresses without requiring a download. However, Chimera only works with endpoints on domains you own, as it requires uploading a token to the root of the external server. If your solution connects to endpoints on domains you don’t own, Salesforce recommends using third-party tools like Zed Attack Proxy (ZAP) or Burp Suite. ZAP is a free, open-source security scanner, while Burp Suite is a paid tool requiring a separate license. Both tools effectively test for web application vulnerabilities, ensuring your solution meets Salesforce’s security standards.

More Blogs

All Blogs

Ship your native CRM app this quarter.

30 minutes. We generate your first package live. 10x faster, 10x cheaper than the build you were quoting.