As web applications rose in popularity around the turn of the century
Enviado por laclese • 29 de Junio de 2014 • 296 Palabras (2 Páginas) • 256 Visitas
As web applications rose in popularity around the turn of the century, we worked to develop tools
and tactics to assist in attacking sites for customers. As more content was placed within web-based
systems, this area of research grew almost in tandem with the number of real-world attacks that
were happening against Internet-facing websites.
In recent years, we became exposed to Oracle Application Express (APEX) and realized that there
was no single resource for developers on securing their APEX applications. We were able to break
into APEX applications in a myriad of ways after learning about the unique structure of the APEX
environment. But we had to learn from scratch why the security fl aws existed and how to explain to
developers the steps required to resolve the risks. We’ve collated this experience and advice into this
book to help any APEX developer create secure APEX applications.
Oracle APEX use is booming, and we’re seeing more Oracle customers choosing APEX for
presentation of their business data from the database. Some customers have hundreds of APEX
applications, ranging in complexity from simple data presentation and reporting through to complex
business process management and geospatial analysis. Many have serious security requirements and
need to ensure that their data is protected both from unknown parties operating on their networks,
and also their “trusted” users acting with malicious intent.
APEX is a great tool for rapidly getting raw data out of the database and into a familiar browser
environment for users. Whereas there is a gain in terms of functionality in this Rapid Application
Development (RAD) model, what we often see is a detrimental effect on security. That’s where Recx
comes in — we hope this book is useful for all levels of APEX developers to understand the common
risks faced by web applications, how they occur within APEX, and the simple steps required to
ensure applications are robust against attack.
...