Most LWC security vulnerabilities are not configuration problems. They are code problems that start the moment a developer assumes Lightning Web Security will handle what only their code can.

Evelyn McMichael-Maguire, 10x Salesforce Certified developer, author of the Salesforce Lightning Web Component Cookbook, and incoming CrowdStrike engineer, joins host Matt Meyers, Salesforce CTA and CoFounder and CEO of EzProtect, to break down the security decisions developers get wrong when building LWCs.

Key recommendations from this session:

  • Lightning Web Security enforces namespace isolation. It does not enforce field-level security, CRUD, input validation, or event propagation. Those decisions are yours.
  • Every custom event should default to bubbles: false and composed: false. If your event carries record IDs or PII with composed: true, any ancestor component can intercept it.
  • Import all object and field references through Salesforce schema imports (@salesforce/schema) instead of hard-coded strings, and run ESLint with LWS config locker before every deployment.
  • Review the LWS Distortion Viewer for every flagged API in your component bundle.
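
A quick review aid for the event-propagation recommendation above, added here as an example and not taken from the session or from Salesforce tooling: it scans LWC JavaScript text for CustomEvent constructions that set bubbles or composed to true and records whether they carry a detail payload. The sample source and the findWideEvents name are constructed for illustration, and this is a text scan, not a parser, so parentheses inside strings or comments can confuse it.

```javascript
// Constructed sample: the body of a hypothetical LWC JavaScript file.
const SAMPLE_SOURCE = `
handleSelect() {
    this.dispatchEvent(new CustomEvent('select', { detail: { step: 2 } }));
}
handleSave() {
    this.dispatchEvent(new CustomEvent('recordsaved', {
        detail: { recordId: this.recordId, email: this.email },
        bubbles: true,
        composed: true
    }));
}
handleClose() {
    this.dispatchEvent(new CustomEvent('close', { bubbles: true }));
}
`;

// Return one finding per CustomEvent whose options enable bubbles or composed.
function findWideEvents(source) {
    const findings = [];
    const ctor = /new\s+CustomEvent\s*\(\s*(['"`])([^'"`]+)\1/g;
    let match;
    while ((match = ctor.exec(source)) !== null) {
        // Walk to the parenthesis that closes this constructor call.
        let depth = 0;
        let end = source.indexOf('(', match.index);
        for (; end < source.length; end++) {
            if (source[end] === '(') depth++;
            else if (source[end] === ')' && --depth === 0) break;
        }
        const call = source.slice(match.index, end + 1);
        const bubbles = /\bbubbles\s*:\s*true\b/.test(call);
        const composed = /\bcomposed\s*:\s*true\b/.test(call);
        if (bubbles || composed) {
            findings.push({
                event: match[2],
                line: source.slice(0, match.index).split('\n').length,
                bubbles,
                composed,
                hasDetail: /\bdetail\s*:/.test(call)
            });
        }
    }
    return findings;
}

for (const f of findWideEvents(SAMPLE_SOURCE)) {
    console.log(`line ${f.line}: '${f.event}' bubbles=${f.bubbles} composed=${f.composed} detail=${f.hasDetail}`);
}
```

Findings with composed and a detail payload are the ones to review first, since that combination is what the recommendation warns about.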

Watch this session to learn how to write LWCs that hold up under scrutiny and build testing habits that catch vulnerabilities before they reach production.
