Hands-On Oracle Application Express Security: Building Secure APEX Applications
An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) makes it easy to build websites on top of data held in an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by the well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications so that they are not vulnerable to attack. Real-world examples of a variety of security vulnerabilities demonstrate the attacks and show the techniques and best practices for making applications secure.

- Divides coverage into four sections: three cover the main classes of threat faced by web applications, and the fourth covers an APEX-specific protection mechanism.
- Addresses the security issues that can arise and demonstrates secure application design.
- Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data.

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.
Contents

Introduction

Chapter 1: Access Control
  The Problem
  The Solution
  Authentication
    Application Authentication
    Page Authentication
  Authorization
    Application Authorization
    Page Authorization
    Button and Process Authorization
    Process Authorization – On-Demand
  File Upload
  Summary

Chapter 2: Cross-Site Scripting
  The Problem
  The Solution
  Examples
    Understanding Context
    Reports
      Report Column Display Type
      Report Column Formatting – HTML Expressions
      Report Column Formatting – Column Link
      Report Column – List of Values
    Direct Output
  Summary

Chapter 3: SQL Injection
  The Problem
  The Solution
    Validation
  Examples
    Dynamic SQL – Execute Immediate
      Example
    Dynamic SQL – Cursors
      Example
    Dynamic SQL – APEX API
      Example
    Function Returning SQL Query
      Example
    Substitution Variables
      Example
  Summary

Chapter 4: Item Protection
  The Problem
  The Solution
    Validations
    Value Protected
    Page Access Protection
    Session State Protection
    Prepare_Url Considerations
    Ajax Considerations
  Examples
    Authorization Bypass
    Form and Report
  Summary

Appendix A: Using ApexSec to Locate Security Risks
  ApexSec Online Portal
  ApexSec Desktop

Appendix B: Updating Item Protection

Appendix C: Untrusted Data Processing
  Expected Value
  Safe Quote
  Colon List to Comma List
  Tag Stripping