This document provides an overview of building secure applications in the cloud. It discusses Salesforce's philosophy of putting customer privacy and security first. It also covers Salesforce's security review process for applications, common vulnerabilities tested for like injection flaws and cross-site scripting, and resources available to help partners develop securely like guidelines, code scanning tools, and office hours support.