Hands-On Oracle Application Express Security - Bookswagon UAE
Logo1
Login & Sign up
AddBanner
Home icon Home
Account Icon Account
Wishlist Icon Wishlist
Cart Icon Cart
humburger icon Categories
Book 1
Book 2
Book 3
Book 1
Book 2
Book 3
Book 1
Book 2
Book 3
Book 1
Book 2
Book 3
Home > Computing and Information Technology > Computer security > Hands-On Oracle Application Express Security: Building Secure Apex Applications
Hands-On Oracle Application Express Security: Building Secure Apex Applications

Hands-On Oracle Application Express Security: Building Secure Apex Applications


     0     
5
4
3
2
1
Write Reviews


Out of Stock


Notify me when this book is in stock
X

Hands-On Oracle Application Express Security: Building Secure Apex Applications
Building Secure Apex Applications
Format: Digital (delivered electronically)

About the Book

An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.

  • Divides coverage into four sections, three of which cover the main classes of threat faced by web applications and the forth covers an APEX-specific protection mechanism
  • Addresses the security issues that can arise, demonstrating secure application design
  • Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.



Table of Contents:
INTRODUCTION ix

CHAPTER 1: ACCESS CONTROL 1

The Problem 1

The Solution 2

Authentication 2

Application Authentication 3

Page Authentication 4

Authorization 5

Application Authorization 5

Page Authorization 6

Button and Process Authorization 7

Process Authorization — On-Demand 10

File Upload 12

Summary 14

CHAPTER 2: CROSS-SITE SCRIPTING 15

The Problem 17

The Solution 18

Examples 18

Understanding Context 19

Reports 21

Report Column Display type 23

Report Column Formatting — HTML Expressions 27

Report Column Formatting — Column Link 31

Report Column — List of Values 33

Direct Output 35

Summary 38

CHAPTER 3: SQL INJECTION 39

The Problem 39

The Solution 40

Validation 40

Examples 40

Dynamic SQL – Execute Immediate 41

Example 42

Dynamic SQL – Cursors 45

Example 45

Dynamic SQL – APEX API 49

Example 50

Function Returning SQL Query 54

Example 55

Substitution Variables 60

Example 60

Summary 67

CHAPTER 4: ITEM PROTECTION 69

The Problem 69

The Solution 70

Validations 71

Value Protected 72

Page Access Protection 74

Session State Protection 75

Prepare_Url Considerations 79

Ajax Considerations 80

Examples 81

Authorization Bypass 81

Form and Report 84

Summary 87

APPENDIX A: USING APEXSEC TO LOCATE SECURITY RISKS 89

ApexSec Online Portal 89

ApexSec Desktop 90

APPENDIX B: UPDATING ITEM PROTECTION 93

APPENDIX C: UNTRUSTED DATA PROCESSING 95

Expected Value 95

Safe Quote 95

Colon List to Comma List 96

Tag Stripping 96



About the Author :

Tim Austwick is the IT Security Director of Recx, an information security company and the developers of ApexSec, a security analysis tool for Oracle Apex applications: http://www.recx.co.uk/ Tim performed security reviews for 50+ Oracle Application Express web applications. The knowledge and experience gained from this process led to the development of the Recx ApexSec static-analysis engine that automates the security assessment process for Apex applications. Oracle also gave public credit to Recx ApexSec for helping to secure Apex 4.1.

See All
Product Details
  • ISBN-13: 9781118685785
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: John Wiley & Sons Inc
  • Language: English
  • Sub Title: Building Secure Apex Applications
  • ISBN-10: 1118685784
  • Publisher Date: 09 Apr 2013
  • Binding: Digital (delivered electronically)
  • No of Pages: 108

Similar Products

Add Photo
Add Photo

Customer Reviews

REVIEWS      0     
Click Here To Be The First to Review this Product
Hands-On Oracle Application Express Security: Building Secure Apex Applications
John Wiley & Sons Inc -
Hands-On Oracle Application Express Security: Building Secure Apex Applications
Writing guidlines
We want to publish your review, so please:
  • keep your review on the product. Review's that defame author's character will be rejected.
  • Keep your review focused on the product.
  • Avoid writing about customer service. contact us instead if you have issue requiring immediate attention.
  • Refrain from mentioning competitors or the specific price you paid for the product.
  • Do not include any personally identifiable information, such as full names.

Hands-On Oracle Application Express Security: Building Secure Apex Applications

Required fields are marked with *

Review Title*
Review
    Add Photo Add up to 6 photos
    Would you recommend this product to a friend?
    Tag this Book Read more
    Does your review contain spoilers?
    What type of reader best describes you?
    I agree to the terms & conditions
    You may receive emails regarding this submission. Any emails will include the ability to opt-out of future communications.

    CUSTOMER RATINGS AND REVIEWS AND QUESTIONS AND ANSWERS TERMS OF USE

    These Terms of Use govern your conduct associated with the Customer Ratings and Reviews and/or Questions and Answers service offered by Bookswagon (the "CRR Service").


    By submitting any content to Bookswagon, you guarantee that:
    • You are the sole author and owner of the intellectual property rights in the content;
    • All "moral rights" that you may have in such content have been voluntarily waived by you;
    • All content that you post is accurate;
    • You are at least 13 years old;
    • Use of the content you supply does not violate these Terms of Use and will not cause injury to any person or entity.
    You further agree that you may not submit any content:
    • That is known by you to be false, inaccurate or misleading;
    • That infringes any third party's copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy;
    • That violates any law, statute, ordinance or regulation (including, but not limited to, those governing, consumer protection, unfair competition, anti-discrimination or false advertising);
    • That is, or may reasonably be considered to be, defamatory, libelous, hateful, racially or religiously biased or offensive, unlawfully threatening or unlawfully harassing to any individual, partnership or corporation;
    • For which you were compensated or granted any consideration by any unapproved third party;
    • That includes any information that references other websites, addresses, email addresses, contact information or phone numbers;
    • That contains any computer viruses, worms or other potentially damaging computer programs or files.
    You agree to indemnify and hold Bookswagon (and its officers, directors, agents, subsidiaries, joint ventures, employees and third-party service providers, including but not limited to Bazaarvoice, Inc.), harmless from all claims, demands, and damages (actual and consequential) of every kind and nature, known and unknown including reasonable attorneys' fees, arising out of a breach of your representations and warranties set forth above, or your violation of any law or the rights of a third party.


    For any content that you submit, you grant Bookswagon a perpetual, irrevocable, royalty-free, transferable right and license to use, copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from and/or sell, transfer, and/or distribute such content and/or incorporate such content into any form, medium or technology throughout the world without compensation to you. Additionally,  Bookswagon may transfer or share any personal information that you submit with its third-party service providers, including but not limited to Bazaarvoice, Inc. in accordance with  Privacy Policy


    All content that you submit may be used at Bookswagon's sole discretion. Bookswagon reserves the right to change, condense, withhold publication, remove or delete any content on Bookswagon's website that Bookswagon deems, in its sole discretion, to violate the content guidelines or any other provision of these Terms of Use.  Bookswagon does not guarantee that you will have any recourse through Bookswagon to edit or delete any content you have submitted. Ratings and written comments are generally posted within two to four business days. However, Bookswagon reserves the right to remove or to refuse to post any submission to the extent authorized by law. You acknowledge that you, not Bookswagon, are responsible for the contents of your submission. None of the content that you submit shall be subject to any obligation of confidence on the part of Bookswagon, its agents, subsidiaries, affiliates, partners or third party service providers (including but not limited to Bazaarvoice, Inc.)and their respective directors, officers and employees.

    Accept

    See All

    Inspired by your browsing history


    Your review has been submitted!

    You've already reviewed this product!