ApexSec Latest Release

The latest release of ApexSec is 3.1.23. The following features and fixes have been implemented:

  • Check for Java VM lower than 1.8
  • Autocomplete detection, clarify global page issues
  • Prevent false positive on Frame Embedding detection when compatibility mode is set
  • Improve detection of SQL Injection for new ‘NATIVE_’ style reports
  • Clarify report text for Secure Cookies setting
  • Indicate ‘save status’ in tab when using Developer Comments
  • Remember position and status of Developer Comments on application close
  • Ensure global page items are correctly reported for the Page Autocomplete detection
  • Support for accessing multiple schemas when connecting and analysing from database connection
  • Prevent blank screen on project load on Red Hat Linux
  • Fix for ‘null’ error message when loading old projects which scan files
  • Fix for error when server is using self-signed certificates
  • Include ApexSec version on reports
  • Add Command Line option to print ApexSec version
  • Move ‘default’ apexsec.oracle.com scan URL to be https on first run
  • Correct dates on copyright notices
  • Correctly scan APEX export files that have had additional REM statements added at top of file
  • Update Code protection encryption library
  • Make on-disk preferences human readable and consistent across ApexSec versions
  • Prevent error where impossible to make functions and/or procedures ‘false positive’
  • Increase speed when importing files
  • Remove deleted APEX items from results
  • Change internal hashing mechanism to a faster algorithm
  • Prevent error when files are removed or added from ZIP file and re-scanned
  • Allow ‘false positive’ button to mark a whole vulnerability class in GUI
  • Correct error when database closes connection
  • Fixed error where ApexSec attempts lookup of code on closed database handle
  • If directory scan only contains one APEX export then scan without prompting
  • Fix for incorrect caching in temp directory when scanning ZIP files
  • Fix for error when scanning ZIP file containing invalid files

In the release of ApexSec 3.1.22, the following features and fixes have been implemented:

  • New APEX 5.1 compatibility to allow scanning of 5.1 APEX applications
  • New improved error handling for APEX 5.0 and APEX 5.1 when accessing APEX Builder
  • New detection of Cross-Site Scripting problems in APEX error messages
  • Fix to correctly identify function/procedure lookups where function contains default values
  • Fix to ignore built-in functions when performing code lookup via APEX builder, improving speed
  • Fix to prevent thread locking and slow down when accessing application through APEX builder
  • Fix to improve Oracle 12c compatibility for create table and package syntax
  • Fix to prevent ‘HIDDEN’ APEX columns erroneously appearing in Cross-Site Scripting Checks
  • Fix to increase Timeout on HTTP requests to allow slow servers to respond
  • Fix incorrect highlighting of issues for ‘Direct URL’ plugin in SELECT statement
  • Fix spurious highlighting problem in APEX Interactive Report queries
  • Fix for occasional application crash when analysing from APEX Builder
  • Fix for ‘File Handling’ plugin where only the first issue was highlighted
  • Fix for occasional endless loop when analysing ZIP file contents
  • Fix for Mac OS where renamed project file causes crash
  • Fix to ensure dbms.assert.encode_literal passes all SQL injection detection
  • Fix for crash when web server does not return all expected headers