Expert Oracle Application Express Security

Book description

Expert Oracle Application Express Security covers all facets of security related to Oracle Application Express (APEX) development. From basic settings that can enhance security, to preventing SQL Injection and Cross Site Scripting attacks, Expert Oracle Application Express Security shows how to secure your APEX applications and defend them from intrusion.

Security is a process, not an event. Expert Oracle Application Express Security is written with that theme in mind. Scott Spendolini, one of the original creators of the product, offers not only examples of security best practices, but also provides step-by-step instructions on how to implement the recommendations presented. A must-read for even the most experienced APEX developer, Expert Oracle Application Express Security can help your organization ensure their APEX applications are as secure as they can be.

What you'll learn

  • Devise and execute a security plan

  • Ensure your installation of APEX is configured most securely

  • Prevent SQL Injection, cross site scripting, and URL tampering attacks

  • Protect your data during all phases of its lifetime

  • Apply security features built into the database layer

  • Design APEX applications to safely be deployed on the Internet

Who this book is for

Expert Oracle Application Express Security is aimed at developers and administrators deploying applications created using Oracle Application Express (APEX). The topic is especially important when those applications are public-facing or involve sensitive data. Any Application Express developer or administrator who wants to sleep well at night in an era of network intrusion and data thievery will want this book.

Table of contents

    1. Title
    2. Dedication
    3. Contents at a Glance
    4. Contents
    5. Foreword
    6. About the Author
    7. About the Technical Reviewer
    8. Acknowledgments
    9. Introduction
    10. CHAPTER 1: Threat Analysis
      1. Assessment
      2. Types of Threats
      3. Summary
    11. CHAPTER 2: Implementing a Security Plan
      1. What Is a Security Plan?
      2. Assessment
      3. Design
      4. Development
      5. Contingency
      6. Review and Revision
      7. Security Reviews
      8. Simulating a Breach
      9. Summary
    12. CHAPTER 3: APEX Architecture
      1. Overview of APEX
      2. Administration Console
      3. Workspaces
      4. Architecture
      5. Transactions
      6. Infrastructure
      7. Summary
    13. CHAPTER 4: Instance Settings
      1. Overview
      2. Manage Instance Settings
      3. Manage Workspaces
      4. Monitor Activity
      5. Summary
    14. CHAPTER 5: Workspace Settings
      1. Manage Service
      2. Manage Users and Groups
      3. Monitor Activity
      4. Workspace Management Best Practices
      5. Summary
    15. CHAPTER 6: Application Settings
      1. Application Settings
      2. Page and Region Settings
      3. Mobile Applications
      4. Summary
    16. CHAPTER 7: Application Threats
      1. SQL Injection
      2. Cross-Site Scripting
      3. Sanitizing Data
      4. URL Tampering
      5. Summary
    17. CHAPTER 8: User Authentication
      1. Types of Authentication Schemes
      2. Common Authentication Scheme Components
      3. Mechanics of Authentication
      4. Summary
    18. CHAPTER 9: User Authorization
      1. Authorization Schemes
      2. Implementing Authorization Schemes
      3. APEX Access Control
      4. Summary
    19. CHAPTER 10: Secure Export to CSV
      1. APEX Export Options
      2. Custom Export to CSV
      3. Summary
    20. CHAPTER 11: Secure Views
      1. The View
      2. Secure View Components
      3. Benefits and Drawbacks
      4. Summary
    21. CHAPTER 12: Virtual Private Database
      1. The Evolution of Data
      2. VPD Basics
      3. Integration with APEX
      4. Managing VPD in Oracle Enterprise Manager
      5. Summary
    22. CHAPTER 13: Shadow Schema
      1. Overview
      2. Components
      3. Securing Data
      4. Summary
    23. CHAPTER 14: Encryption
      1. Encryption
      2. HTTPS
      3. APEX HTTPS Settings
      4. APEX Item Encryption
      5. Advanced Security Option
      6. Summary
    24. Index

Product information

  • Title: Expert Oracle Application Express Security
  • Author(s): Scott Spendolini
  • Release date: April 2013
  • Publisher(s): Apress
  • ISBN: 9781430247319