Hands-On Oracle Application Express Security: Building Secure Apex Applications

An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.

  • Divides coverage into four sections, three of which cover the main classes of threat faced by web applications and the forth covers an APEX-specific protection mechanism
  • Addresses the security issues that can arise, demonstrating secure application design
  • Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.

1115195494
Hands-On Oracle Application Express Security: Building Secure Apex Applications

An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.

  • Divides coverage into four sections, three of which cover the main classes of threat faced by web applications and the forth covers an APEX-specific protection mechanism
  • Addresses the security issues that can arise, demonstrating secure application design
  • Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.

16.99 In Stock
Hands-On Oracle Application Express Security: Building Secure Apex Applications

Hands-On Oracle Application Express Security: Building Secure Apex Applications

by Recx
Hands-On Oracle Application Express Security: Building Secure Apex Applications
Add to Wishlist
Hands-On Oracle Application Express Security: Building Secure Apex Applications

Hands-On Oracle Application Express Security: Building Secure Apex Applications

by Recx

Overview

An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.

  • Divides coverage into four sections, three of which cover the main classes of threat faced by web applications and the forth covers an APEX-specific protection mechanism
  • Addresses the security issues that can arise, demonstrating secure application design
  • Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.

Product Details

ISBN-13: 9781118686133
Publisher: Wiley
Publication date: 04/09/2013
Sold by: JOHN WILEY & SONS
Format: eBook
Pages: 108
File size: 7 MB

About the Author

Tim Austwick is the IT Security Director of Recx, an information security company and the developers of ApexSec, a security analysis tool for Oracle Apex applications: http://www.recx.co.uk/ Tim performed security reviews for 50+ Oracle Application Express web applications. The knowledge and experience gained from this process led to the development of the Recx ApexSec static-analysis engine that automates the security assessment process for Apex applications. Oracle also gave public credit to Recx ApexSec for helping to secure Apex 4.1.

Read an Excerpt

Click to read or download

Table of Contents

INTRODUCTION ix

CHAPTER 1: ACCESS CONTROL 1

The Problem 1

The Solution 2

Authentication 2

Application Authentication 3

Page Authentication 4

Authorization 5

Application Authorization 5

Page Authorization 6

Button and Process Authorization 7

Process Authorization — On-Demand 10

File Upload 12

Summary 14

CHAPTER 2: CROSS-SITE SCRIPTING 15

The Problem 17

The Solution 18

Examples 18

Understanding Context 19

Reports 21

Report Column Display type 23

Report Column Formatting — HTML Expressions 27

Report Column Formatting — Column Link 31

Report Column — List of Values 33

Direct Output 35

Summary 38

CHAPTER 3: SQL INJECTION 39

The Problem 39

The Solution 40

Validation 40

Examples 40

Dynamic SQL – Execute Immediate 41

Example 42

Dynamic SQL – Cursors 45

Example 45

Dynamic SQL – APEX API 49

Example 50

Function Returning SQL Query 54

Example 55

Substitution Variables 60

Example 60

Summary 67

CHAPTER 4: ITEM PROTECTION 69

The Problem 69

The Solution 70

Validations 71

Value Protected 72

Page Access Protection 74

Session State Protection 75

Prepare_Url Considerations 79

Ajax Considerations 80

Examples 81

Authorization Bypass 81

Form and Report 84

Summary 87

APPENDIX A: USING APEXSEC TO LOCATE SECURITY RISKS 89

ApexSec Online Portal 89

ApexSec Desktop 90

APPENDIX B: UPDATING ITEM PROTECTION 93

APPENDIX C: UNTRUSTED DATA PROCESSING 95

Expected Value 95

Safe Quote 95

Colon List to Comma List 96

Tag Stripping 96

From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Computers - General & Miscellaneous
Applications & Software
Internet & World Wide Web
Computer Programming
Software Engineering
Web Programming/Development
Computer Security
General & Miscellaneous Software
Internet & World Wide Web - General & Miscellaneous
Network Programming
General Software Engineering
Web Application Development
Web applications->Development
Computers
Computers - General & Miscellaneous
Applications & Software
Internet & World Wide Web
Computer Programming
Software Engineering
Web Programming/Development
Computer Security
General & Miscellaneous Software
Internet & World Wide Web - General & Miscellaneous
Network Programming
General Software Engineering

Customer Reviews