Twitter sandbox Or Penetration tests


#1

We are using Oauth to prepare an application on Salesforce. Salesforce Security team wants to review our application prior to release the app on the appexchange.

How can we get access to a sandbox (if any ) or get approval to make penetration tests on twitter production.

Thanks


#2

There is no sandbox and you shouldn’t use Twitter for any of your automated testing, penetration or otherwise. You should mock out your interactions with Twitter for that purpose.


#3

Hi @episode thanks for reply.
Our app needed to be tested by Security team of Salesforce prior to publish as an app. Can you advice how can we let them test the app if twitter API related parts are working properly.

I would appreciated If you can help on this or show the way we can do it
Here What they ask for: Can we make it happen?
“All we need now is permission to test twitter. Note that we are not going to do a lot of invasive testing, but we do need to run an SSL scan and walkthrough the registration process, and we cannot test a third party unless we have permission to do so.”


#4

I don’t think you’re going to secure our explicit permission to do that.


#5

Dear @episod,
Is there any way to get contact with anybody else from twitter who can advice or give any answers on our need. I need to be sure and make everything crystal clear before replying test teams requests.

Or we all can arrange a conference call if its ok for you guys to be sure that all of us are on the same page.

Regards
Ali


#6

You’ll need to just accept that there won’t be any way we’ll specifically authorize your organization or SalesForce to perform penetration tests and stress tests on Twitter. It’s just not a valid use of our service. The folks at Salesforce already work with Twitter-based applications and should already have all the information they need to know about Twitter.