- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
How to Secure Salesforce Lightning Web Components: A Developer Playbook for LWC Security
Your Lightning Web Components passed code review. They deployed clean. But if your Apex skips field-level security and your events bubble CRM data to every ancestor component on the page, you shipped a vulnerability anyway.
Evelyn McMichael-Maguire, 10x Salesforce Certified developer, author of the Salesforce Lightning Web Component Cookbook, and incoming CrowdStrike engineer, joins host Matt Meyers, Salesforce CTA and CoFounder and CEO of EzProtect, to break down the security decisions developers get wrong when building LWCs.
Three principles from this session:
→ Lightning Web Security enforces namespace isolation. It does not enforce field-level security, CRUD, input validation, or event propagation. Those decisions are yours.
→ Every custom event should default to bubbles false and composed false. If your event carries record IDs or PII with composed true, any ancestor component can intercept it.
→ Run ESLint with LWS config locker and test under both Lightning Locker and Lightning Web Security before every deployment. One architecture's success is the other's type error.
If you are not reviewing what your code exposes before you deploy, you are shipping the vulnerability with it.
In this session: Salesforce LWC security, Lightning Web Components, Lightning Web Security, LWS, Lightning Locker, event propagation, bubbles composed, field-level security, Lightning Data Service, ESLint, LWS distortion viewer, feature flags, custom permissions, Apex controller security, input validation, Salesforce developer, Salesforce architect, Salesforce security, Evelyn McMichael-Maguire, Matt Meyers, EzProtect
#salesforce #salesforceadmin #salesforceapex #salesforcedevelopers #security #securitybreach
➡️ Download the official guide to protect your data from hackers in Salesforce
https://ezprotect.io/platform/
Timecodes
0:00 Session kickoff and housekeeping
2:16 Matt Meyers introduction
2:41 Evelyn McMichael-Maguire introduction
4:13 EzProtect overview
5:09 Last Office Hours recap: Auditing connected apps before migrating to ECA
5:49 Hot off the press: Salesforce AI data sharing opt-out
7:06 What developers get wrong about LWC security
7:21 Lightning Web Security vs Lightning Locker overview
11:23 The line between platform security and developer responsibility
13:46 Six lines of code that ship a vulnerability
18:24 Code example: LWS-compatible modal with event dispatching
22:23 Event properties: how bubbles and composed decide who gets your CRM data
24:54 Five nested components: event propagation demo
26:30 ESLint and the LWS Distortion Viewer
29:10 Feature flags with custom permissions
33:37 What to do before your next deployment
34:53 Key takeaways
36:12 Upcoming sessions and resources
37:14 Audience Q&A
44:25 Vibe coding and AI-generated code security
47:10 Static resource supply chain risks
51:07 Book giveaway and wrap-up
🔔 Subscribe to EzProtect - For Salesforce Best Practices here
https://www.youtube.com/channel/UC6MtFmvugBxRxQ2dKpFKn2Q
📚Learn More About Virus Scanning in Salesforce
➡️ https://www.ezprotect.io
📚Learn Common Virus Scanning Myths in Salesforce
https://ezp.fyi/3NeZY48
📆 Book a time to talk with us
https://ezprotect.io/schedule
-----------------SOCIAL----------------
✅ Twitter: https://twitter.com/ezprotect
✅ Instagram: https://www.instagram.com/ezprotect.co
✅ LinkedIN: https://www.linkedin.com/in/matt-meyers-cta/
Видео How to Secure Salesforce Lightning Web Components: A Developer Playbook for LWC Security канала Matt Meyers - EzProtect - Salesforce CTA
Evelyn McMichael-Maguire, 10x Salesforce Certified developer, author of the Salesforce Lightning Web Component Cookbook, and incoming CrowdStrike engineer, joins host Matt Meyers, Salesforce CTA and CoFounder and CEO of EzProtect, to break down the security decisions developers get wrong when building LWCs.
Three principles from this session:
→ Lightning Web Security enforces namespace isolation. It does not enforce field-level security, CRUD, input validation, or event propagation. Those decisions are yours.
→ Every custom event should default to bubbles false and composed false. If your event carries record IDs or PII with composed true, any ancestor component can intercept it.
→ Run ESLint with LWS config locker and test under both Lightning Locker and Lightning Web Security before every deployment. One architecture's success is the other's type error.
If you are not reviewing what your code exposes before you deploy, you are shipping the vulnerability with it.
In this session: Salesforce LWC security, Lightning Web Components, Lightning Web Security, LWS, Lightning Locker, event propagation, bubbles composed, field-level security, Lightning Data Service, ESLint, LWS distortion viewer, feature flags, custom permissions, Apex controller security, input validation, Salesforce developer, Salesforce architect, Salesforce security, Evelyn McMichael-Maguire, Matt Meyers, EzProtect
#salesforce #salesforceadmin #salesforceapex #salesforcedevelopers #security #securitybreach
➡️ Download the official guide to protect your data from hackers in Salesforce
https://ezprotect.io/platform/
Timecodes
0:00 Session kickoff and housekeeping
2:16 Matt Meyers introduction
2:41 Evelyn McMichael-Maguire introduction
4:13 EzProtect overview
5:09 Last Office Hours recap: Auditing connected apps before migrating to ECA
5:49 Hot off the press: Salesforce AI data sharing opt-out
7:06 What developers get wrong about LWC security
7:21 Lightning Web Security vs Lightning Locker overview
11:23 The line between platform security and developer responsibility
13:46 Six lines of code that ship a vulnerability
18:24 Code example: LWS-compatible modal with event dispatching
22:23 Event properties: how bubbles and composed decide who gets your CRM data
24:54 Five nested components: event propagation demo
26:30 ESLint and the LWS Distortion Viewer
29:10 Feature flags with custom permissions
33:37 What to do before your next deployment
34:53 Key takeaways
36:12 Upcoming sessions and resources
37:14 Audience Q&A
44:25 Vibe coding and AI-generated code security
47:10 Static resource supply chain risks
51:07 Book giveaway and wrap-up
🔔 Subscribe to EzProtect - For Salesforce Best Practices here
https://www.youtube.com/channel/UC6MtFmvugBxRxQ2dKpFKn2Q
📚Learn More About Virus Scanning in Salesforce
➡️ https://www.ezprotect.io
📚Learn Common Virus Scanning Myths in Salesforce
https://ezp.fyi/3NeZY48
📆 Book a time to talk with us
https://ezprotect.io/schedule
-----------------SOCIAL----------------
✅ Twitter: https://twitter.com/ezprotect
✅ Instagram: https://www.instagram.com/ezprotect.co
✅ LinkedIN: https://www.linkedin.com/in/matt-meyers-cta/
Видео How to Secure Salesforce Lightning Web Components: A Developer Playbook for LWC Security канала Matt Meyers - EzProtect - Salesforce CTA
Salesforce Salesforce security Salesforce developer Salesforce admin Salesforce architect Lightning Web Components LWC Lightning Web Security LWS Lightning Locker Evelyn McMichael-Maguire Matt Meyers EzProtect field-level security FLS event propagation ESLint LWS distortion viewer Apex security Lightning Data Service CrowdStrike custom permissions feature flags input validation CSS clickjacking Salesforce security office hours secure coding SLDS XSS
Комментарии отсутствуют
Информация о видео
4 мая 2026 г. 18:27:21
00:57:02
Другие видео канала
What Every Salesforce Team Needs to Know About Security and Agentforce Vibes
How to Hack Salesforce Communities to Protect your data
Salesforce Security Office Hours: Permission Management Vulnerabilities Exposing Your Org Data
10 facts you must do now to protect your salesforce data from hackers
How to Get Executives to Actually Care About Salesforce Security (Before It's Too Late)
An Essential Guide to Salesforce Connected Apps Security After Recent Breaches
Argus by EzProtect Teaser Trailer
Coca-Cola, Disney, & Qantas Salesforce Data Breaches: What Happened & How to Protect Your Org
Salesforce Configuration Drift: A DevSecOps Security Guide
Your Salesforce Org Just Got HACKED - Watch How It Happened
What is EzProtect? - Virus Scanner for Salesforce
The Salesforce Security Gap: Why 99% of Projects Lack Dedicated Security Roles
Architecting Trusted Salesforce Solutions: Lessons from the Gainsight and Drift Data Breaches
Salesforce Spring '26 Virus Scanner: Does It Actually Work?
From Prevention to Recovery: Your Complete Salesforce Data Breach Response Plan
What Every Salesforce Team Needs to Know About Security and Agentforce Vibes
Last Data Breach Christmas
How Salesforce Admins Should Audit Connected Apps Before Migrating to External Client Apps
How Security Teams Can Master Salesforce Domain Expertise (Without the Burnout)
Secure Custom Portal Architecture for Architects: Building on Salesforce as Your Data Source
2021 Cybersecurity Events to Remember
