Contents

Foreword

About the Author

About the Technical Reviewer

Acknowledgments

Introduction

Chapter 1: Threat Analysis

Assessment

Home Security Assessment

Application Security Assessment

Data and Privileges

Types of Threats

Preventable

Unpreventable

Summary

Chapter 2: Implementing a Security Plan

What Is a Security Plan?

Assessment

Risk Analysis

Access Control

Data Access

Auditing and Monitoring

Application Management

Design

Development

Contingency

Review and Revision

Security Reviews

Automated Reviews

Manual Reviews

Simulating a Breach

Summary

Chapter 3: APEX Architecture

Overview of APEX

Administration Console

Managing Requests

Managing Instances

Managing Workspaces

Monitoring Activity

Workspaces

Users and Roles

Schema Mappings

Components

Architecture

Metadata-Based Architecture

Schemas

Transactions

The f Procedure and WWV_FLOW.SHOW

The WWV_FLOW.ACCEPT Procedure

Session State

Infrastructure

Embedded PL/SQL Gateway

Oracle HTTP Server and mod_plsql

APEX Listener

Summary

Chapter 4: Instance Settings

Overview

Runtime Mode

The Instance Administration API

The Instance Administrator Database Role

Other Options

Configuration and Management

Manage Instance Settings

Feature Configuration

Security

Instance Configuration Settings

Session State

Logs and Files

Messages

Self Service Sign Up

Manage Workspaces

Create Workspace

Create Multiple Workspaces

Remove Workspace

Lock Workspace

Manage Workspace to Schema Assignments

Manage Developers and Users

Manage Component Availability

Export and Import

View Workspace Reports

Manage Applications

View Application Attributes

Monitor Activity

Realtime Monitor Reports

Archived Activity Reports

Dashboard Report

Summary

Chapter 5: Workspace Settings

Manage Service

Service Requests

Workspace Preferences

Manage Meta Data

Manage Users and Groups

User Types

Managing Users

Managing Groups

Monitor Activity

Workspace Management Best Practices

Summary

Chapter 6: Application Settings

Application Settings

Definition

Security Attributes

User Interface

Page and Region Settings

Page Settings

Region Settings

Report Settings

Mobile Applications

Hesitancy Toward Corporate Adoption

Mobile Considerations for Security

Summary

Chapter 7: Application Threats

SQL Injection

Anatomy of an Attack

SQL Injection in APEX

Bind Variable Notation and Dynamic SQL in APEX

Cross-Site Scripting

Anatomy of an Attack

Reflexive Attacks

Persistent Attacks

Sanitizing Data

Restricted Characters

APEX_ESCAPE

Column Formatting

Escaping Regions and Items

Protecting Cookies

Frames

URL Tampering

Authorization Inconsistencies

Page and Item Protection

Virtual Private Database and Secure Views

Summary

Chapter 8: User Authentication

Types of Authentication Schemes

Application Express Users

Database Accounts

HTTP Header Variable

LDAP Directory

No Authentication (Using DAD)

Open Door Credentials

Oracle Application Server Single Sign-On

Custom

APIs for Custom Authentication

Common Authentication Scheme Components

Source

Session Not Valid

Login Processing

Post Logout URL

Session Cookie Attributes

Mechanics of Authentication

The Login Page

Login Page Processes

Logging Out

Summary

Chapter 9: User Authorization

Authorization Schemes

Implementing Authorization Schemes

Role Location

Table-Based Roles

Gatekeeper Authorization Scheme

Page-Level Authorization Schemes

Authorization Inconsistencies

APEX Access Control

Summary

Chapter 10: Secure Export to CSV

APEX Export Options

Maximum Row Count

Column Restrictions: Standard Reports

Column Restrictions: Interactive Reports

Custom Export to CSV

Restricting Records with ROWNUM

Restricting Records with PL/SQL

Summary

Chapter 11: Secure Views

The View

Secure View Components

Application Contexts

PL/SQL Procedure

Secure View SQL

Security Attributes

Benefits and Drawbacks

Summary

Chapter 12: Virtual Private Database

The Evolution of Data

VPD Basics

Integration with APEX

VPD Policy Function

Column Masking and Obfuscation

Managing VPD in Oracle Enterprise Manager

Summary

Chapter 13: Shadow Schema

Overview

Components

Database: Schema and Object Creation

Data Schema: Views

Revoke Privileges

System and User Event Trigger

APEX: Simple Form and Report

DML APIs and Processes

Grants and Synonyms

Table API Processes

Securing Data

Application Context

Views

Synonym

PL/SQL Initialization Code

Summary

Chapter 14: Encryption

Encryption

HTTPS

APEX HTTPS Settings

Instance Admin Console and Application Development Environment

Applications

APEX Item Encryption

Data Encryption

DBMS_CRYPTO

Encrypted Collections

Example

Advanced Security Option

Transparent Data Encryption

Network Encryption

Summary

Index