Yes, there is a very useful webinar I came across on this topic.

There is a very good Trailhead for understanding this.

CRUD – Object Level Permission.

FLS – Field Level Permission.

Sharing – Record Level Permission. (With Sharing – Without Sharing)

SOQL – Injection in Dynamic Query.

Apex – System Context.

Visualforce – User Context

Standard Controller – User Context

Common Visualforce vulnerabilities

XSS (Cross-site Scripting)

Open Redirect

CSRF (Cross-Site Request Forgery)

Series Webinar 3 covers:

Building Salesforce Integrations

Integration Methods - Apex Callouts

Integration Methods - API/OAuth

Connected Apps

Integration User

Integration-End User

Advantages of Connected Apps

Credential Handling

Transport Security

Mutual TLS

Setting up a Mutual TLS

Secret Protection

Who do we secure secrets from?

Secret in Named Credentials

Named Credential Usage

Named Credential Breakdown

Secrets in Named Credentials

Secrets in Managed Protected Settings

Custom Settings

Managed Protected Custom Setting

Managed Package Architecture

Secrets in Custom Settings

Properly Encapsulating Secret Usage

Managed Package Architecture

Properly Handling Secret Dependencies

Avoiding Secret Reflection