Hands-On Oracle Application Express Security: Building Secure Apex Applications [NOOK Book]


NOOK Book (eBook)
$13.99
BN.com price
(Save 44%)$24.99 List Price
Overview

An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to be created easily from data held in an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there are security risks and threats, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attack. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.

  • Divides coverage into four sections, three of which cover the main classes of threat faced by web applications and the fourth covers an APEX-specific protection mechanism
  • Addresses the security issues that can arise, demonstrating secure application design
  • Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.

Product Details

  • ISBN-13: 9781118686133
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 4/9/2013
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 150
  • Sales rank: 1,297,818
  • File size: 7 MB

Table of Contents

  • Introduction (ix)
  • Chapter 1: Access Control (1)
    • The Problem (1)
    • The Solution (2)
    • Authentication (2)
      • Application Authentication (3)
      • Page Authentication (4)
    • Authorization (5)
      • Application Authorization (5)
      • Page Authorization (6)
      • Button and Process Authorization (7)
      • Process Authorization — On-Demand (10)
    • File Upload (12)
    • Summary (14)
  • Chapter 2: Cross-Site Scripting (15)
    • The Problem (17)
    • The Solution (18)
    • Examples (18)
      • Understanding Context (19)
      • Reports (21)
        • Report Column Display Type (23)
        • Report Column Formatting — HTML Expressions (27)
        • Report Column Formatting — Column Link (31)
        • Report Column — List of Values (33)
      • Direct Output (35)
    • Summary (38)
  • Chapter 3: SQL Injection (39)
    • The Problem (39)
    • The Solution (40)
      • Validation (40)
    • Examples (40)
      • Dynamic SQL – Execute Immediate (41)
        • Example (42)
      • Dynamic SQL – Cursors (45)
        • Example (45)
      • Dynamic SQL – APEX API (49)
        • Example (50)
      • Function Returning SQL Query (54)
        • Example (55)
      • Substitution Variables (60)
        • Example (60)
    • Summary (67)
  • Chapter 4: Item Protection (69)
    • The Problem (69)
    • The Solution (70)
      • Validations (71)
      • Value Protected (72)
      • Page Access Protection (74)
      • Session State Protection (75)
      • Prepare_Url Considerations (79)
      • Ajax Considerations (80)
    • Examples (81)
      • Authorization Bypass (81)
      • Form and Report (84)
    • Summary (87)
  • Appendix A: Using ApexSec to Locate Security Risks (89)
    • ApexSec Online Portal (89)
    • ApexSec Desktop (90)
  • Appendix B: Updating Item Protection (93)
  • Appendix C: Untrusted Data Processing (95)
    • Expected Value (95)
    • Safe Quote (95)
    • Colon List to Comma List (96)
    • Tag Stripping (96)
