Thursday, February 07, 2008

Security: How to Hack an Oracle Application Express Application

I will be presenting at both the Northeast Oracle Users Group (NOUG) Training Day on 5 March 2008 and at the Oracle Development Tools User Group Kaleidoscope 2008 on 18 June 2008, 2:45 - 3:45 pm.

Oracle's Application Express (APEX) allows developers to quickly build highly functional applications that interact with an Oracle database. APEX dynamically generates HTML applications (hence the former name, HTML DB). All HTML applications share some attributes that expose them to potential hacking. APEX has many features that will allow developers to lock down their applications – or to expose them to hacking. I will show (live!) a number of techniques that can be used to hack HTML applications—and how to close these holes within APEX and where APEX may expose these holes through its wizards. Naturally, I will show how to protect against any hack that I demonstrate. The session will be interactive with the audience participating in ways to hack and prevent hacks. This is truly a session that can benefit the novice to the highly advanced APEX developer.

This is the same module that C2 Consulting teaches in its Application Express classes.


Beverly said...

Will you be making the content of the presentation available here or elsewhere (for free or for purchase) for those who cannot attend the conference?

Anton Nielsen said...


I'm reluctant to just post the content of this presentation. It looks like you are at Oracle, so I would be happy to share it with you. You can drop me a note at C2 Consulting. Just click the link at the bottom of the page and go to the Contact tab. Ask to have the request sent to me.

Anton Nielsen

Janel said...

Hello Anton,
I see that you will be presenting this again at Kaleidoscope 09. Unfortunately you are sharing a time slot with about 3 other presentations I would like to attend. Do you know if the presentation will be made available for later viewing?