Expert Oracle Application Express Security

Book Description

Expert Oracle Application Express Security covers all facets of security related to Oracle Application Express (APEX) development. From basic settings that can enhance security, to preventing SQL Injection and Cross Site Scripting attacks, Expert Oracle Application Express Security shows how to secure your APEX applications and defend them from intrusion.

Security is a process, not an event. Expert Oracle Application Express Security is written with that theme in mind. Scott Spendolini, one of the original creators of the product, not only offers examples of security best practices, but also provides step-by-step instructions on how to implement the recommendations presented. A must-read for even the most experienced APEX developer, Expert Oracle Application Express Security can help your organization ensure its APEX applications are as secure as they can be.

What you'll learn

  • Devise and execute a security plan

  • Ensure your installation of APEX is configured most securely

  • Prevent SQL Injection, cross site scripting, and URL tampering attacks

  • Protect your data during all phases of its lifetime

  • Apply security features built into the database layer

  • Design APEX applications to safely be deployed on the Internet

Who this book is for

Expert Oracle Application Express Security is aimed at developers and administrators deploying applications created using Oracle Application Express (APEX). The topic is especially important when those applications are public-facing or involve sensitive data. Any Application Express developer or administrator who wants to sleep well at night in an era of network intrusion and data thievery will want this book.

Table of Contents

  1. Title Page
  2. Dedication
  3. Contents at a Glance
  4. Contents
  5. Foreword
  6. About the Author
  7. About the Technical Reviewer
  8. Acknowledgments
  9. Introduction
  10. CHAPTER 1: Threat Analysis
    1. Assessment
    2. Types of Threats
    3. Summary
  11. CHAPTER 2: Implementing a Security Plan
    1. What Is a Security Plan?
    2. Assessment
    3. Design
    4. Development
    5. Contingency
    6. Review and Revision
    7. Security Reviews
    8. Simulating a Breach
    9. Summary
  12. CHAPTER 3: APEX Architecture
    1. Overview of APEX
    2. Administration Console
    3. Workspaces
    4. Architecture
    5. Transactions
    6. Infrastructure
    7. Summary
  13. CHAPTER 4: Instance Settings
    1. Overview
    2. Manage Instance Settings
    3. Manage Workspaces
    4. Monitor Activity
    5. Summary
  14. CHAPTER 5: Workspace Settings
    1. Manage Service
    2. Manage Users and Groups
    3. Monitor Activity
    4. Workspace Management Best Practices
    5. Summary
  15. CHAPTER 6: Application Settings
    1. Application Settings
    2. Page and Region Settings
    3. Mobile Applications
    4. Summary
  16. CHAPTER 7: Application Threats
    1. SQL Injection
    2. Cross-Site Scripting
    3. Sanitizing Data
    4. URL Tampering
    5. Summary
  17. CHAPTER 8: User Authentication
    1. Types of Authentication Schemes
    2. Common Authentication Scheme Components
    3. Mechanics of Authentication
    4. Summary
  18. CHAPTER 9: User Authorization
    1. Authorization Schemes
    2. Implementing Authorization Schemes
    3. APEX Access Control
    4. Summary
  19. CHAPTER 10: Secure Export to CSV
    1. APEX Export Options
    2. Custom Export to CSV
    3. Summary
  20. CHAPTER 11: Secure Views
    1. The View
    2. Secure View Components
    3. Benefits and Drawbacks
    4. Summary
  21. CHAPTER 12: Virtual Private Database
    1. The Evolution of Data
    2. VPD Basics
    3. Integration with APEX
    4. Managing VPD in Oracle Enterprise Manager
    5. Summary
  22. CHAPTER 13: Shadow Schema
    1. Overview
    2. Components
    3. Securing Data
    4. Summary
  23. CHAPTER 14: Encryption
    1. Encryption
    2. HTTPS
    3. APEX HTTPS Settings
    4. APEX Item Encryption
    5. Advanced Security Option
    6. Summary
  24. Index