1.

Record No.

UNINA9910438103503321

Author

Spendolini Scott

Title

Expert Oracle Application Express security / Scott Spendolini ; [foreword by Joel R. Kallman]

Publication/distribution/printing

[Berkeley, Calif.], : Apress, 2013

ISBN

1-4302-4732-0

Edition

[1st ed. 2013.]

Physical description

1 online resource (xxiv, 270 pages) : illustrations (chiefly color)

Series

Expert's voice in Oracle Expert Oracle application express security

Discipline

005.8

Subjects

Application software - Development

Language of publication

English

Format

Printed material

Bibliographic level

Monograph

General notes

Includes index.

Contents note

Cover; Title Page; Copyright Page; Dedication Page; Contents at a Glance; Table of Contents; Foreword; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; About This Book; Security Planning & Assessment; APEX Security; User Access; Data Access & Protection; Downloading the Code; Contacting the Author; CHAPTER 1 Threat Analysis; Assessment; Home Security Assessment; Application Security Assessment; Data and Privileges; Types of Threats; Preventable; URL Tampering; SQL Injection; Cross-Site Scripting; Unpreventable; Summary; CHAPTER 2 Implementing a Security Plan

What Is a Security Plan?; Assessment; Risk Analysis; Access Control; Data Access; Auditing and Monitoring; Application Management; Design; Development; Contingency; Review and Revision; Security Reviews; Automated Reviews; Manual Reviews; Simulating a Breach; Summary; CHAPTER 3 APEX Architecture; Overview of APEX; Administration Console; Managing Requests; Managing Instances; Managing Workspaces; Monitoring Activity; Workspaces; Users and Roles; Schema Mappings; Components; Application Builder; SQL Workshop; Team Development; Websheets; Architecture; Metadata-Based Architecture; Schemas

APEX_PUBLIC_USER; APEX_040200; FLOWS_FILES; Transactions; The f Procedure and WWV_FLOW.SHOW; The WWV_FLOW.ACCEPT Procedure; Session State; Infrastructure; Embedded PL/SQL Gateway; Oracle HTTP Server and mod_plsql; APEX Listener; Summary; CHAPTER 4 Instance Settings; Overview; Runtime Mode; The Instance Administration API;



The Instance Administrator Database Role; Other Options; Configuration and Management; Manage Instance Settings; Feature Configuration; Allow PL/SQL Program Unit Editing Setting; Create Demonstration Objects in New Workspace Setting

Create Websheet Objects in New Workspaces Setting; Packaged Application Install Options; SQL Workshop; Monitoring; Application Activity Logging; Enable Application Tracing; Enable Service Requests; Security; Set Workspace Cookie; Disable Administrator Login; Disable Workspace Login; Allow Public File Upload; Restrict Access by IP Address; Instance Proxy; Require HTTPS; Require Outbound HTTPS; Allow RESTful Access; Maximum Session Length and Idle Time in Seconds; Domain Must Not Contain; General Login Controls; Delay After Failed Login Attempts in Seconds; Method for Computing the Delay

Inbound Proxy Servers; Require User Account Expiration and Locking; Maximum Login Failures Allowed; Account Password Lifetime (Days); Workspace Password Policy; Instance Configuration Settings; Provisioning Status; Require Verification Code; Notification E-mail Address; E-mail Provisioning; Message; Require New Schema; Encrypted Tablespaces; Delete Uploaded Files After (Days); E-mail; Wallet Path; Wallet Password; Report Printing; Workspace Purge Settings; Manage Other Instance Settings; Session State; Recent Sessions Report; Purge Sessions by Age Function; Session State Statistics Report

Logs and Files

Summary/abstract

Expert Oracle Application Express Security covers all facets of security related to Oracle Application Express (APEX) development. From basic settings that can enhance security to preventing SQL Injection and Cross-Site Scripting attacks, Expert Oracle Application Express Security shows how to secure your APEX applications and defend them from intrusion. Security is a process, not an event. Expert Oracle Application Express Security is written with that theme in mind. Scott Spendolini, one of the original creators of the product, not only offers examples of security best practices but also provides step-by-step instructions on how to implement the recommendations presented. A must-read for even the most experienced APEX developer, Expert Oracle Application Express Security can help your organization ensure its APEX applications are as secure as they can be.