Oracle APEX Security Tutorial

Learn how to harden your Oracle APEX applications! Prevent cross-site scripting, SQL injection and more.

Oracle Application Express (APEX) has many security-related features that help developers create applications that are guarded against today’s web-based threats. But developers who are unaware of these features, how they work and what they guard against are likely to create applications with at least a few security holes. In this tutorial you will see demos of certain exploits, including cross-site scripting and SQL injection, and then learn how to protect against them using the correct feature(s) in APEX or in Oracle in general.

This free training is segmented into several separate lessons:

  1. Overview (1:21)
  2. Is APEX Secure (1:13)
  3. Controlling Access (0:57)
  4. Authentication Schemes (3:08)
  5. Conditions vs Authorization (12:45)
  6. Protect the Ends (12:45)
  7. Propagate the WHERE (3:47)
  8. Session State Protection (8:44)
  9. Other Session State Protection (3:24)
  10. SQL Injection (5:16)
  11. Cross Site Scripting (9:05)

Date: Sep 27, 2012


Controlling Access

3. Securing Oracle APEX – Controlling Access


>> Dan: Let’s talk a little bit more about controlling access. I break this up into two parts – the application itself as well as the data access from within.

Now, when it comes to the application you’re looking at things like, who can access the app? Who can access your functionality within it? Who can access a given component whether it’s a region, a page, an item, a button, whatever?

That’s application level for me. And for that you’re going to use authentication and authorization schemes within APEX. I’ve actually seen developers recreate these features because they simply didn’t look in the shared components where they would’ve found them.

Then the other half of the equation is data and this has to do with what rows a given user can see, and for that you simply use WHERE clauses most of the time.

Copyright 2017
