Hands-On Oracle APEX Security

Building Secure APEX Applications

Our book takes a lead-by-example approach to demonstrate attacks against security vulnerabilities in APEX applications. We show the reader how simple mistakes can open up risks in APEX applications, and then guide them through using simple “hacker” techniques to exploit the issues. The reader is then shown the correct way to secure their application so such exploitation is not possible. The book also covers Access Control, Cross-Site Scripting, SQL Injection and the APEX Item Protection mechanisms.

Many of the examples in the book have been stripped down to be simple, to show the core problems and solutions. We also list some more complex examples taken from real-world applications (suitably anonymised!) to ground the security risks. Explanations of why the fixes are relevant and the impact of attacks are also included.

We hope our examples and explanations help APEX developers create secure applications.

To give you a taste of what to expect in the book, we have produced a series of short videos that run through the examples from the “SQL Injection” chapter.

Purchase our book from any of the retailers listed above to get a more in-depth explanation of the vulnerabilities and solutions included within these videos, as well as a wide range of other topics including Access Control, Cross-Site Scripting, Item Protection and other ever-present security risks within APEX applications.