As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.
- Divides coverage into four sections, three of which cover the main classes of threat faced by web applications and the forth covers an APEX-specific protection mechanism
- Addresses the security issues that can arise, demonstrating secure application design
- Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data
The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.
About the author
Tim Austwick is the IT Security Director of Recx, an information security company and the developers of ApexSec, a security analysis tool for Oracle Apex applications: http://www.recx.co.uk/ Tim performed security reviews for 50+ Oracle Application Express web applications. The knowledge and experience gained from this process led to the development of the Recx ApexSec static-analysis engine that automates the security assessment process for Apex applications. Oracle also gave public credit to Recx ApexSec for helping to secure Apex 4.1.