Synopsis
At Recx we’ve been involved in the world of IT Security for more than a decade. We were involved in some of the first penetration tests performed in the UK, where large organizations and government departments allowed ethical hackers into their networks to determine the risk they faced from what are now known as cyber attacks.
As web applications rose in popularity around the turn of the century, we worked to develop tools and tactics to assist in attacking sites for customers. As more content was placed within web-based systems, this area of research grew almost in tandem with the number of real-world attacks that were happening against Internet-facing websites.
In recent years, we became exposed to Oracle Application Express (APEX) and realized that there was no single resource for developers on securing their APEX applications. We were able to break into APEX applications in a myriad of ways after learning about the unique structure of the APEX environment. But we had to learn from scratch why the security flaws existed and how to explain to developers the steps required to resolve the risks. We’ve collated this experience and advice into this book to help any APEX developer create secure APEX applications.
Oracle APEX use is booming, and we’re seeing more Oracle customers choosing APEX for presentation of their business data from the database. Some customers have hundreds of APEX applications, ranging in complexity from simple data presentation and reporting through to complex business process management and geospatial analysis. Many have serious security requirements and need to ensure that their data is protected both from unknown parties operating on their networks, and also their “trusted” users acting with malicious intent.
APEX is a great tool for rapidly getting raw data out of the database and into a familiar browser environment for users. Whereas there is a gain in terms of functionality in this Rapid Application Development (RAD) model, what we often see is a detrimental effect on security. That’s where Recx comes in — we hope this book is useful for all levels of APEX developers to understand the common risks faced by web applications, how they occur within APEX, and the simple steps required to ensure applications are robust against attack.
Content
- ACCESS CONTROL
- CROSS-SITE SCRIPTING
- SQL INJECTION
- ITEM PROTECTION
- USING APEXSEC TO LOCATE SECURITY RISKS
- UPDATING ITEM PROTECTION
- UNTRUSTED DATA PROCESSING