Expert Oracle Application Express Security. Scott Spendolini. Apress


Contents

Foreword
About the Author
About the Technical Reviewer
Acknowledgments
Introduction

Chapter 1: Threat Analysis
Assessment; Home Security Assessment; Application Security Assessment; Data and Privileges; Types of Threats; Preventable; Unpreventable; Summary

Chapter 2: Implementing a Security Plan
What Is a Security Plan?; Assessment; Risk Analysis; Access Control; Data Access; Auditing and Monitoring; Application Management; Design; Development; Contingency; Review and Revision; Security Reviews; Automated Reviews; Manual Reviews; Simulating a Breach; Summary

Chapter 3: APEX Architecture
Overview of APEX; Administration Console; Managing Requests; Managing Instances; Managing Workspaces; Monitoring Activity; Workspaces; Users and Roles; Schema Mappings; Components; Architecture; Metadata-Based Architecture; Schemas; Transactions; The f Procedure and WWV_FLOW.SHOW; The WWV_FLOW.ACCEPT Procedure; Session State; Infrastructure; Embedded PL/SQL Gateway; Oracle HTTP Server and mod_plsql; APEX Listener; Summary

Chapter 4: Instance Settings
Overview; Runtime Mode; The Instance Administration API; The Instance Administrator Database Role; Other Options; Configuration and Management; Manage Instance Settings; Feature Configuration; Security; Instance Configuration Settings; Session State; Logs and Files; Messages; Self Service Sign Up; Manage Workspaces; Create Workspace; Create Multiple Workspaces; Remove Workspace; Lock Workspace; Manage Workspace to Schema Assignments; Manage Developers and Users; Manage Component Availability; Export and Import; View Workspace Reports; Manage Applications; View Application Attributes; Monitor Activity; Realtime Monitor Reports; Archived Activity Reports; Dashboard Report; Summary

Chapter 5: Workspace Settings
Manage Service; Service Requests; Workspace Preferences; Manage Meta Data; Manage Users and Groups; User Types; Managing Users; Managing Groups; Monitor Activity; Workspace Management Best Practices; Summary

Chapter 6: Application Settings
Application Settings; Definition; Security Attributes; User Interface; Page and Region Settings; Page Settings; Region Settings; Report Settings; Mobile Applications; Hesitancy Toward Corporate Adoption; Mobile Considerations for Security; Summary

Chapter 7: Application Threats
SQL Injection; Anatomy of an Attack; SQL Injection in APEX; Bind Variable Notation and Dynamic SQL in APEX; Cross-Site Scripting; Anatomy of an Attack; Reflexive Attacks; Persistent Attacks; Sanitizing Data; Restricted Characters; APEX_ESCAPE; Column Formatting; Escaping Regions and Items; Protecting Cookies; Frames; URL Tampering; Authorization Inconsistencies; Page and Item Protection; Virtual Private Database and Secure Views; Summary

Chapter 8: User Authentication
Types of Authentication Schemes; Application Express Users; Database Accounts; HTTP Header Variable; LDAP Directory; No Authentication (Using DAD); Open Door Credentials; Oracle Application Server Single Sign-On; Custom; APIs for Custom Authentication; Common Authentication Scheme Components; Source; Session Not Valid; Login Processing; Post Logout URL; Session Cookie Attributes; Mechanics of Authentication; The Login Page; Login Page Processes; Logging Out; Summary

Chapter 9: User Authorization
Authorization Schemes; Implementing Authorization Schemes; Role Location; Table-Based Roles; Gatekeeper Authorization Scheme; Page-Level Authorization Schemes; Authorization Inconsistencies; APEX Access Control; Summary

Chapter 10: Secure Export to CSV
APEX Export Options; Maximum Row Count; Column Restrictions: Standard Reports; Column Restrictions: Interactive Reports; Custom Export to CSV; Restricting Records with ROWNUM; Restricting Records with PL/SQL; Summary

Chapter 11: Secure Views
The View; Secure View Components; Application Contexts; PL/SQL Procedure; Secure View SQL; Security Attributes; Benefits and Drawbacks; Summary

Chapter 12: Virtual Private Database
The Evolution of Data; VPD Basics; Integration with APEX; VPD Policy Function; Column Masking and Obfuscation; Managing VPD in Oracle Enterprise Manager; Summary

Chapter 13: Shadow Schema
Overview; Components; Database: Schema and Object Creation; Data Schema: Views; Revoke Privileges; System and User Event Trigger; APEX: Simple Form and Report; DML APIs and Processes; Grants and Synonyms; Table API Processes; Securing Data; Application Context; Views; Synonym; PL/SQL Initialization Code; Summary

Chapter 14: Encryption
Encryption; HTTPS; APEX HTTPS Settings; Instance Admin Console and Application Development Environment; Applications; APEX Item Encryption; Data Encryption; DBMS_CRYPTO; Encrypted Collections; Example; Advanced Security Option; Transparent Data Encryption; Network Encryption; Summary

Index


More information

Securing Data in Oracle Database 12c

Securing Data in Oracle Database 12c Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Design and Implementation

Design and Implementation Pro SQL Server 2012 Relational Database Design and Implementation Louis Davidson with Jessica M. Moss Apress- Contents Foreword About the Author About the Technical Reviewer Acknowledgments Introduction

More information

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ ^ Boca Raton London New York ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an

More information

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added?

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added? DBMS Questions 1.) Which type of file is part of the Oracle database? A.) B.) C.) D.) Control file Password file Parameter files Archived log files 2.) Which statements are use to UNLOCK the user? A.)

More information

Apple Pro Training Series. OS X Server. Essentials. Arek Dreyer. and Ben Greisler

Apple Pro Training Series. OS X Server. Essentials. Arek Dreyer. and Ben Greisler Apple Pro Training Series OS X Server Essentials Arek Dreyer and Ben Greisler Table of Contents Configuring and Monitoring OS X Server Lesson 1 About This Guide 3 Learning Methodology 4 Lesson Structure

More information

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled

More information

Social Network for Monitoring Behavior Change

Social Network for Monitoring Behavior Change Social Network for Monitoring Behavior Change Senior Design Group 11 Client: Yolanda Coil Advisor: Simanta Mitra Team #11: Gavin Monroe Nicholas Schramm Davendra Jayasingam Executive Summary This project

More information

Presented by Martin Giffy D Souza Email: Martin@ClariFit.com Blog: http://www.talkapex.com Web: http://www.clarifit.com

Presented by Martin Giffy D Souza Email: Martin@ClariFit.com Blog: http://www.talkapex.com Web: http://www.clarifit.com Presented by Martin Giffy D Souza Email: Martin@ClariFit.com Blog: http://www.talkapex.com Web: http://www.clarifit.com 1 CTO and Co-founder at ClariFit: http://www.clarifit.com Author of Oracle APEX blog:

More information

Basic & Advanced Administration for Citrix NetScaler 9.2

Basic & Advanced Administration for Citrix NetScaler 9.2 Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios

More information

IIS 6: The Complete Reference

IIS 6: The Complete Reference IIS 6: The Complete Reference Hethe Henrickson Scott Hofmann HLllHB DarmStddt McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City urn1111 iiurnii, f H 15905980 Seoul Singapore

More information

SECURITY DOCUMENT. BetterTranslationTechnology

SECURITY DOCUMENT. BetterTranslationTechnology SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of

More information

TIBCO BusinessConnect Trading Partner Administration. Software Release 6.0 November 2011

TIBCO BusinessConnect Trading Partner Administration. Software Release 6.0 November 2011 TIBCO BusinessConnect Trading Partner Administration Software Release 6.0 November 2011 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED

More information

Oracle Architecture, Concepts & Facilities

Oracle Architecture, Concepts & Facilities COURSE CODE: COURSE TITLE: CURRENCY: AUDIENCE: ORAACF Oracle Architecture, Concepts & Facilities 10g & 11g Database administrators, system administrators and developers PREREQUISITES: At least 1 year of

More information

Oracle Database 10g: Administration Workshop II Release 2

Oracle Database 10g: Administration Workshop II Release 2 ORACLE UNIVERSITY CONTACT US: 00 9714 390 9000 Oracle Database 10g: Administration Workshop II Release 2 Duration: 5 Days What you will learn This course advances your success as an Oracle professional

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

Administrator's Guide

Administrator's Guide Administrator's Guide BitDefender Management Server 3.6 Administrator's Guide Publication date 2014.09.12 Copyright 2014 BitDefender Legal Notice All rights reserved. No part of this book may be reproduced

More information

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual TIBCO Spotfire Web Player 6.0 Installation and Configuration Manual Revision date: 12 November 2013 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED

More information

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture Introduction... 3 Identity management... 3 What is Identity

More information

Web Plus Security Features and Recommendations

Web Plus Security Features and Recommendations Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of

More information