https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=James+VaughanOWASP - User contributions [en]2026-05-28T13:05:33ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=ApEx:SQL_injection&diff=158274ApEx:SQL injection2013-09-11T16:39:16Z<p>James Vaughan: </p>
<hr />
<div>Don't use substitution variables & but bind variables :<br />
<br />
== References ==<br />
<br />
At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos:<br />
<br />
* [1] [http://bit.ly/14Ybo21 APEX SQL Injection demonstration 1 (dynamic SQL and SQLMAP)]<br />
* [2] [http://bit.ly/137HDgm APEX SQL Injection demonstration 2 (substitution variables and manual exploitation)]</div>James Vaughanhttps://wiki.owasp.org/index.php?title=Application_Express_(ApEx)&diff=158273Application Express (ApEx)2013-09-11T16:38:47Z<p>James Vaughan: </p>
<hr />
<div>Oracle Application Express (Oracle APEX), formerly called HTML DB, is a rapid web application development tool for the Oracle database. Using only a web browser and limited programming experience, you can develop and deploy professional applications that are both fast and secure. Oracle application express combines the qualities of a personal database, productivity, ease of use, and flexibility with the qualities of an enterprise database, security, integrity, scalability, availability and built for the web. Application Express is a tool to build web-based applications and the application development environment is also conveniently web-based.<br />
<br />
''A more generic description is needed, this is a copy from the Oracle ApEx Site''<br />
<br />
* [[ApEx:XSS]]<br />
* [[ApEx:SQL injection]]<br />
* [[ApEx:URL Tampering]]<br />
* [[ApEx:Authentication]]<br />
* [[ApEx:Authorization Schemes]]<br />
* [[ApEx:Defence in depth]]<br />
* [[ApEx:Configuration]]<br />
* [[ApEx:Google dorks]]<br />
* [[ApEx:Architecture]]<br />
<br />
== References ==<br />
* [1] [http://www.oracle.com/technology/products/database/application_express/html/what_is_apex.html Official Oracle APEX website]<br />
<br />
=== External Resources ===<br />
<br />
There have been two books written specifically about Oracle APEX and security, both released in 2013.<br />
<br />
* [1] [http://www.amazon.com/Application-Express-Security-Experts-ebook/dp/B00ACC6AO6/ Expert Oracle Application Express Security]<br />
* [2] [http://apexsec.recx.co.uk/apex-security-ebook/ Hands-On Oracle Application Express Security: Building Secure Apex Applications]<br />
<br />
[[Category:OWASP Oracle Project]]<br />
[[Category:Development]]</div>James Vaughanhttps://wiki.owasp.org/index.php?title=Application_Express_(ApEx)&diff=158272Application Express (ApEx)2013-09-11T16:37:33Z<p>James Vaughan: Change ApEx to APEX in references</p>
<hr />
<div>Oracle Application Express (Oracle APEX), formerly called HTML DB, is a rapid web application development tool for the Oracle database. Using only a web browser and limited programming experience, you can develop and deploy professional applications that are both fast and secure. Oracle application express combines the qualities of a personal database, productivity, ease of use, and flexibility with the qualities of an enterprise database, security, integrity, scalability, availability and built for the web. Application Express is a tool to build web-based applications and the application development environment is also conveniently web-based.<br />
<br />
''A more generic description is needed, this is a copy from the Oracle ApEx Site''<br />
<br />
* [[ApEx:XSS]]<br />
* [[ApEx:SQL injection]]<br />
* [[ApEx:URL Tampering]]<br />
* [[ApEx:Authentication]]<br />
* [[ApEx:Authorization Schemes]]<br />
* [[ApEx:Defence in depth]]<br />
* [[ApEx:Configuration]]<br />
* [[ApEx:Google dorks]]<br />
* [[ApEx:Architecture]]<br />
<br />
== References ==<br />
* [1] [http://www.oracle.com/technology/products/database/application_express/html/what_is_apex.html Official Oracle APEX website]<br />
<br />
=== External Resources ===<br />
<br />
There have been two books written specifically about Oracle APEX and security, both released in 2013.<br />
<br />
[1] [http://www.amazon.com/Application-Express-Security-Experts-ebook/dp/B00ACC6AO6/ Expert Oracle Application Express Security]<br><br />
[2] [http://apexsec.recx.co.uk/apex-security-ebook/ Hands-On Oracle Application Express Security: Building Secure Apex Applications]<br />
<br />
[[Category:OWASP Oracle Project]]<br />
[[Category:Development]]</div>James Vaughanhttps://wiki.owasp.org/index.php?title=Application_Express_(ApEx)&diff=158271Application Express (ApEx)2013-09-11T16:37:08Z<p>James Vaughan: </p>
<hr />
<div>Oracle Application Express (Oracle APEX), formerly called HTML DB, is a rapid web application development tool for the Oracle database. Using only a web browser and limited programming experience, you can develop and deploy professional applications that are both fast and secure. Oracle application express combines the qualities of a personal database, productivity, ease of use, and flexibility with the qualities of an enterprise database, security, integrity, scalability, availability and built for the web. Application Express is a tool to build web-based applications and the application development environment is also conveniently web-based.<br />
<br />
''A more generic description is needed, this is a copy from the Oracle ApEx Site''<br />
<br />
* [[ApEx:XSS]]<br />
* [[ApEx:SQL injection]]<br />
* [[ApEx:URL Tampering]]<br />
* [[ApEx:Authentication]]<br />
* [[ApEx:Authorization Schemes]]<br />
* [[ApEx:Defence in depth]]<br />
* [[ApEx:Configuration]]<br />
* [[ApEx:Google dorks]]<br />
* [[ApEx:Architecture]]<br />
<br />
== References ==<br />
* [1] [http://www.oracle.com/technology/products/database/application_express/html/what_is_apex.html Official Oracle ApEx website]<br />
<br />
=== External Resources ===<br />
<br />
There have been two books written specifically about Oracle APEX and security, both released in 2013.<br />
<br />
[1] [http://www.amazon.com/Application-Express-Security-Experts-ebook/dp/B00ACC6AO6/ Expert Oracle Application Express Security]<br><br />
[2] [http://apexsec.recx.co.uk/apex-security-ebook/ Hands-On Oracle Application Express Security: Building Secure Apex Applications]<br />
<br />
[[Category:OWASP Oracle Project]]<br />
[[Category:Development]]</div>James Vaughanhttps://wiki.owasp.org/index.php?title=ApEx:SQL_injection&diff=158270ApEx:SQL injection2013-09-11T15:24:34Z<p>James Vaughan: Added a references section, which includes two external links to videos demonstrating SQL injection into Oracle APEX applications given at KScope 2013.</p>
<hr />
<div>Don't use substitution variables & but bind variables :<br />
<br />
== References ==<br />
<br />
At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos:<br />
<br />
* [1] [http://bit.ly/14Ybo21 APEX SQL Injection demonstration 1 (dynamic SQL and SQLMAP)]<br><br />
* [2] [http://bit.ly/137HDgm APEX SQL Injection demonstration 2 (substitution variables and manual exploitation)]</div>James Vaughanhttps://wiki.owasp.org/index.php?title=Application_Express_(ApEx)&diff=158269Application Express (ApEx)2013-09-11T15:21:44Z<p>James Vaughan: Added two external references to books that have been authored on the subject of Oracle Application Express security.</p>
<hr />
<div>Oracle Application Express (Oracle APEX), formerly called HTML DB, is a rapid web application development tool for the Oracle database. Using only a web browser and limited programming experience, you can develop and deploy professional applications that are both fast and secure. Oracle application express combines the qualities of a personal database, productivity, ease of use, and flexibility with the qualities of an enterprise database, security, integrity, scalability, availability and built for the web. Application Express is a tool to build web-based applications and the application development environment is also conveniently web-based.<br />
<br />
''A more generic description is needed, this is a copy from the Oracle ApEx Site''<br />
<br />
* [[ApEx:XSS]]<br />
* [[ApEx:SQL injection]]<br />
* [[ApEx:URL Tampering]]<br />
* [[ApEx:Authentication]]<br />
* [[ApEx:Authorization Schemes]]<br />
* [[ApEx:Defence in depth]]<br />
* [[ApEx:Configuration]]<br />
* [[ApEx:Google dorks]]<br />
* [[ApEx:Architecture]]<br />
<br />
== References ==<br />
* [1] [http://www.oracle.com/technology/products/database/application_express/html/what_is_apex.html Official Oracle ApEx website]<br />
<br />
=== External Resources ===<br />
<br />
There have been two books written specifically about Oracle APEX and security, both released in 2013.<br />
<br />
[1] [http://www.amazon.com/Application-Express-Security-Experts-ebook/dp/B00ACC6AO6/ Expert Oracle Application Express Security]<br><br />
[2] [http://www.amazon.com/Hands-On-Application-Express-Security-ebook/dp/B00CIBNS4E/ Hands-On Oracle Application Express Security: Building Secure Apex Applications]<br />
<br />
[[Category:OWASP Oracle Project]]<br />
[[Category:Development]]</div>James Vaughanhttps://wiki.owasp.org/index.php?title=User:James_Vaughan&diff=158268User:James Vaughan2013-09-11T15:19:30Z<p>James Vaughan: </p>
<hr />
<div>= Company Declaration =<br />
<br />
I work at [http://www.recx.co.uk/ Recx] where we do security consulting and some security products. We sell an application security product, ApexSec which is designed to inspect Oracle [[Application_Express_(ApEx)]] applications.</div>James Vaughanhttps://wiki.owasp.org/index.php?title=User:James_Vaughan&diff=158267User:James Vaughan2013-09-11T15:18:43Z<p>James Vaughan: </p>
<hr />
<div>= Company Declaration =<br />
<br />
I work at [http://www.recx.co.uk/ Recx] where we do security consulting and some security products. We sell an application security product, ApexSec which is designed to inspect [[Application_Express_(ApEx) Oracle Application Express]] applications.</div>James Vaughanhttps://wiki.owasp.org/index.php?title=User:James_Vaughan&diff=158266User:James Vaughan2013-09-11T15:17:29Z<p>James Vaughan: </p>
<hr />
<div>= Company Declaration =<br />
<br />
I work at [http://www.recx.co.uk/ Recx] where we do security consulting and some security products. We sell an application security product, ApexSec which is designed to inspect Oracle Application Express applications.</div>James Vaughanhttps://wiki.owasp.org/index.php?title=User:James_Vaughan&diff=158265User:James Vaughan2013-09-11T15:16:00Z<p>James Vaughan: </p>
<hr />
<div>= Company Declaration =</div>James Vaughan