Thursday, February 07, 2008

Security: How to Hack an Oracle Application Express Application

I will be presenting at both the Northeast Oracle Users Group (NOUG) Training Day on 5 March 2008 and at the Oracle Development Tools User Group Kaleidoscope 2008 on 18 June 2008, 2:45 - 3:45 pm.

Oracle's Application Express (APEX) allows developers to quickly build highly functional applications that interact with an Oracle database. APEX dynamically generates HTML applications (hence the former name, HTML DB). All HTML applications share some attributes that expose them to potential hacking. APEX has many features that will allow developers to lock down their applications – or to expose them to hacking. I will show (live!) a number of techniques that can be used to hack HTML applications—and how to close these holes within APEX and where APEX may expose these holes through its wizards. Naturally, I will show how to protect against any hack that I demonstrate. The session will be interactive with the audience participating in ways to hack and prevent hacks. This is truly a session that can benefit the novice to the highly advanced APEX developer.

This is the same module that C2 Consulting teaches in its Application Express classes.