Details

Hands-On Oracle Application Express Security


Building Secure Apex Applications
1st edition

by: Recx

15,99 €

Publisher: Wiley
Format: PDF
Published: 09.04.2013
ISBN/EAN: 9781118685785
Language: English
Number of pages: 108

DRM-protected eBook; you need e.g. Adobe Digital Editions and an Adobe ID to read it.

Description

An example-driven approach to securing Oracle APEX applications

As a Rapid Application Development framework, Oracle Application Express (APEX) allows websites to easily be created based on data within an Oracle database. Using only a web browser, you can develop and deploy professional applications that are both fast and secure. However, as with any website, there is a security risk and threat, and securing APEX applications requires some specific knowledge of the framework. Written by well-known security specialists Recx, this book shows you the correct ways to implement your APEX applications to ensure that they are not vulnerable to attacks. Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making applications secure.

- Divides coverage into four sections, three of which cover the main classes of threat faced by web applications, while the fourth covers an APEX-specific protection mechanism
- Addresses the security issues that can arise, demonstrating secure application design
- Examines the most common class of vulnerability that allows attackers to invoke actions on behalf of other users and access sensitive data

The lead-by-example approach featured in this critical book teaches you basic "hacker" skills in order to show you how to validate and secure your APEX applications.
Table of Contents

INTRODUCTION ix
CHAPTER 1: ACCESS CONTROL 1
  The Problem 1
  The Solution 2
  Authentication 2
    Application Authentication 3
    Page Authentication 4
  Authorization 5
    Application Authorization 5
    Page Authorization 6
    Button and Process Authorization 7
    Process Authorization - On-Demand 10
  File Upload 12
  Summary 14
CHAPTER 2: CROSS-SITE SCRIPTING 15
  The Problem 17
  The Solution 18
  Examples 18
    Understanding Context 19
    Reports 21
    Report Column Display Type 23
    Report Column Formatting - HTML Expressions 27
    Report Column Formatting - Column Link 31
    Report Column - List of Values 33
    Direct Output 35
  Summary 38
CHAPTER 3: SQL INJECTION 39
  The Problem 39
  The Solution 40
    Validation 40
  Examples 40
    Dynamic SQL - Execute Immediate 41
      Example 42
    Dynamic SQL - Cursors 45
      Example 45
    Dynamic SQL - APEX API 49
      Example 50
    Function Returning SQL Query 54
      Example 55
    Substitution Variables 60
      Example 60
  Summary 67
CHAPTER 4: ITEM PROTECTION 69
  The Problem 69
  The Solution 70
    Validations 71
    Value Protected 72
    Page Access Protection 74
    Session State Protection 75
    Prepare_Url Considerations 79
    Ajax Considerations 80
  Examples 81
    Authorization Bypass 81
    Form and Report 84
  Summary 87
APPENDIX A: USING APEXSEC TO LOCATE SECURITY RISKS 89
  ApexSec Online Portal 89
  ApexSec Desktop 90
APPENDIX B: UPDATING ITEM PROTECTION 93
APPENDIX C: UNTRUSTED DATA PROCESSING 95
  Expected Value 95
  Safe Quote 95
  Colon List to Comma List 96
  Tag Stripping 96

About the Author

Tim Austwick is the IT Security Director of Recx, an information security company and the developers of ApexSec, a security analysis tool for Oracle APEX applications: http://www.recx.co.uk/ Tim has performed security reviews for 50+ Oracle Application Express web applications. The knowledge and experience gained from this process led to the development of the Recx ApexSec static-analysis engine, which automates the security assessment process for APEX applications. Oracle also gave public credit to Recx ApexSec for helping to secure APEX 4.1.

You may also be interested in these products:

Symbian OS Explained
by: Jo Stichbury
PDF ebook
32,99 €

Symbian OS Internals
by: Jane Sales
PDF ebook
56,99 €

Parallel Combinatorial Optimization
by: El-Ghazali Talbi
PDF ebook
120,99 €