ApexSec Latest Release

ApexSec performs security scans of APEX applications from 3.x through to 24.2.

The latest release of ApexSec is 3.1.24. The following features and fixes have been implemented:

  • Fix for memory exhaustion when processing large APEX exports over 60Mb
  • Correct Compatibility mode correction for APEX 18.1
  • Correct Report Column scanning for APEX 18.1
  • Correct Public Page detection for APEX 18.1
  • Fix Project Merging where ‘null’ added to comments
  • Fix report output where APEX items have been moved or been deleted
  • Fix regression issue for import of APEX 4.x applications
  • Enable HTML output from the command line
  • Fix scanning error when only 1 CPU available
  • Display a reminder to user about license expiry
  • Enable correct handling of multiple monitors
  • Enable scanning of APEX 19.1 applications
  • Improve checking of AJAX dynamic actions
  • Do not report on Display Only items that cannot be protected
  • Fix for lookup of synonyms with variable case names
  • New detection of unprotected and un-escaped items for reflective XSS
  • New detection of usage of cryptographically weak random number generator code
  • Wrap long project names in home screen
  • Correct re-scan problem with projects saved from older version of ApexSec
  • Enable output of JUnit results from the GUI
  • Correct JUnit output where a pass and fail had the same test name
  • Add human readable item description to JUnit output
  • Populate password field on re-scan if password saved with project
  • Default set to scan packages to make GUI consistent with CLI
  • Correct command line help text for option to not scan packages

In the release of ApexSec 3.1.23, the following features and fixes have been implemented:

  • Check for Java VM lower than 1.8
  • Autocomplete detection, clarify global page issues
  • Prevent false positive on Frame Embedding detection when compatibility mode is set
  • Improve detection of SQL Injection for new ‘NATIVE_’ style reports
  • Clarify report text for Secure Cookies setting
  • Indicate ‘save status’ in tab when using Developer Comments
  • Remember position and status of Developer Comments on application close
  • Ensure global page items are correctly reported for the Page Autocomplete detection
  • Support for accessing multiple schemas when connecting and analysing from database connection
  • Prevent blank screen on project load on Red Hat Linux
  • Fix for ‘null’ error message when loading old projects which scan files
  • Fix for error when server is using self-signed certificates
  • Include ApexSec version on reports
  • Add Command Line option to print ApexSec version
  • Move ‘default’ apexsec.oracle.com scan URL to be https on first run
  • Correct dates on copyright notices
  • Correctly scan APEX export files that have had additional REM statements added at top of file
  • Update Code protection encryption library
  • Make on-disk preferences human readable and consistent across ApexSec versions
  • Prevent error where impossible to make functions and/or procedures ‘false positive’
  • Increase speed when importing files
  • Remove deleted APEX items from results
  • Change internal hashing mechanism to a faster algorithm
  • Prevent error when files are removed or added from ZIP file and re-scanned
  • Allow ‘false positive’ button to mark a whole vulnerability class in GUI
  • Correct error when database closes connection
  • Fixed error where ApexSec attempts lookup of code on closed database handle
  • If directory scan only contains one APEX export then scan without prompting
  • Fix for incorrect caching in temp directory when scanning ZIP files
  • Fix for error when scanning ZIP file containing invalid files

In the release of ApexSec 3.1.22, the following features and fixes have been implemented:

  • New APEX 5.1 compatibility to allow scanning of 5.1 APEX applications
  • New improved error handling for APEX 5.0 and APEX 5.1 when accessing APEX Builder
  • New detection of Cross-Site Scripting problems in APEX error messages
  • Fix to correctly identify function/procedure lookups where function contains default values
  • Fix to ignore built-in functions when performing code lookup via APEX builder, improving speed
  • Fix to prevent thread locking and slow down when accessing application through APEX builder
  • Fix to improve Oracle 12c compatibility for create table and package syntax
  • Fix to prevent ‘HIDDEN’ APEX columns erroneously appearing in Cross-Site Scripting Checks
  • Fix to increase Timeout on HTTP requests to allow slow servers to respond
  • Fix incorrect highlighting of issues for ‘Direct URL’ plugin in SELECT statement
  • Fix spurious highlighting problem in APEX Interactive Report queries
  • Fix for occasional application crash when analysing from APEX Builder
  • Fix for ‘File Handling’ plugin where only the first issue was highlighted
  • Fix for occasional endless loop when analysing ZIP file contents
  • Fix for Mac OS where renamed project file causes crash
  • Fix to ensure dbms.assert.encode_literal passes all SQL injection detection
  • Fix for crash when web server does not return all expected headers