Secure Development with Oracle APEX
In this course you will learn how and most importantly where your APEX applications can be vulnerable to attacks. In addition we will discuss steps you can take to protect from malicious users and detect defects before problems occur.
You will learn how to prevent the (in)famous 4: (Session State protection, SQL injection, XSS, URL tampering)
You’ll also learn wow to perform the application security scans everyone can afford. Refer to the Topic Summary for more details on what is covered in this class.
Technical Requirements
It is intended as well for beginners as for seasoned APEX developers who are familiar with the development processes and components found in APEX.
Nothing is required for labs (workshops). SkillBuilders will provide everything you need for all hands-on labs. Modest PC or Mac specs are required to connect to the online class. Detailed specs can be found here.
Also, we strongly recommend using two monitors for this class.
Course Features
- Lecture 0
- Quiz 0
- Duration 8 Hours
- Skill level All levels
- Language English
- Students 6
- Assessments Yes
- Introduction
- Overview of most common techniques
- Overview of APEX security features including
- Overview of Authentication (with 2FA example)
- Overview of Authorization
- Overview of Application security settings
- APEX URL
- Protecting Items and Session State
- Overview of the problem and solutions
- Validations (optional)
- Items
- Hidden and protected
- Display, read only and disabled
- Sensitive
- Application level
- Page Access Protection
- Session State Protection
- PREPARE_URL Considerations
- SQL Injection
- Overview of the problem and solutions
- Substitution Variables in report query
- Dynamic SQL – Function Returning SQL Query
- Dynamic SQL – Execute Immediate
- Dynamic SQL – Cursors
- Dynamic SQL – APEX APIs
- Other
- Error handling function
- Cross-Site Scripting (XSS)
- Overview of the problem and solutions
- Substitution Variables
- Report Column Display Type
- Report Column Formatting – HTML Expressions
- Report column LOV
- Direct Output
- Overview of the problem and solutions
- General Tips and Techniques
- AJAX
- Monitoring and logging
- Security tools (optional)
- Testing tools (optional)
- Processes and practices
- Security scans