Contents
Items found: 195

Chapter 1: Threat Analysis
  Assessment
  Home Security Assessment
  Application Security Assessment
  Data and Privileges
  Types of Threats
  Preventable
  Unpreventable

Chapter 2: Implementing a Security Plan
  What Is a Security Plan?
  Risk Analysis
  Access Control
  Data Access
  Auditing and Monitoring
  Application Management
  Design
  Development
  Contingency
  Review and Revision
  Security Reviews
  Automated Reviews
  Manual Reviews
  Simulating a Breach

Chapter 3: APEX Architecture
  Overview of APEX
  Administration Console
  Managing Requests
  Managing Instances
  Managing Workspaces
  Monitoring Activity
  Workspaces
  Users and Roles
  Schema Mappings
  Components
  Architecture
  Metadata-Based Architecture
  Schemas
  Transactions
  The f Procedure and WWV_FLOW.SHOW
  The WWV_FLOW.ACCEPT Procedure
  Session State
  Infrastructure
  Embedded PL/SQL Gateway
  Oracle HTTP Server and mod_plsql
  APEX Listener

Chapter 4: Instance Settings
  Overview
  Runtime Mode
  The Instance Administration API
  The Instance Administrator Database Role
  Other Options
  Configuration and Management
  Manage Instance Settings
  Feature Configuration
  Security
  Instance Configuration Settings
  Logs and Files
  Messages
  Self Service Sign Up
  Manage Workspaces
  Create Workspace
  Create Multiple Workspaces
  Remove Workspace
  Lock Workspace
  Manage Workspace to Schema Assignments
  Manage Developers and Users
  Manage Component Availability
  Export and Import
  View Workspace Reports
  Manage Applications
  View Application Attributes
  Monitor Activity
  Realtime Monitor Reports
  Archived Activity Reports
  Dashboard Report

Chapter 5: Workspace Settings
  Manage Service
  Service Requests
  Workspace Preferences
  Manage Meta Data
  Manage Users and Groups
  User Types
  Managing Users
  Managing Groups
  Workspace Management Best Practices

Chapter 6: Application Settings
  Application Settings
  Definition
  Security Attributes
  User Interface
  Page and Region Settings
  Page Settings
  Region Settings
  Report Settings
  Mobile Applications
  Hesitancy Toward Corporate Adoption
  Mobile Considerations for Security

Chapter 7: Application Threats
  SQL Injection
  Anatomy of an Attack
  SQL Injection in APEX
  Bind Variable Notation and Dynamic SQL in APEX
  Cross-Site Scripting
  Reflexive Attacks
  Persistent Attacks
  Sanitizing Data
  Restricted Characters
  APEX_ESCAPE
  Column Formatting
  Escaping Regions and Items
  Protecting Cookies
  Frames
  URL Tampering
  Authorization Inconsistencies
  Page and Item Protection
  Virtual Private Database and Secure Views

Chapter 8: User Authentication
  Types of Authentication Schemes
  Application Express Users
  Database Accounts
  HTTP Header Variable
  LDAP Directory
  No Authentication (Using DAD)
  Open Door Credentials
  Oracle Application Server Single Sign-On
  Custom
  APIs for Custom Authentication
  Common Authentication Scheme Components
  Source
  Session Not Valid
  Login Processing
  Post Logout URL
  Session Cookie Attributes
  Mechanics of Authentication
  The Login Page
  Login Page Processes
  Logging Out

Chapter 9: User Authorization
  Authorization Schemes
  Implementing Authorization Schemes
  Role Location
  Table-Based Roles
  Gatekeeper Authorization Scheme
  Page-Level Authorization Schemes
  APEX Access Control

Chapter 10: Secure Export to CSV
  APEX Export Options
  Maximum Row Count
  Column Restrictions: Standard Reports
  Column Restrictions: Interactive Reports
  Custom Export to CSV
  Restricting Records with ROWNUM
  Restricting Records with PL/SQL

Chapter 11: Secure Views
  The View
  Secure View Components
  Application Contexts
  PL/SQL Procedure
  Secure View SQL
  Benefits and Drawbacks

Chapter 12: Virtual Private Database
  The Evolution of Data
  VPD Basics
  Integration with APEX
  VPD Policy Function
  Column Masking and Obfuscation
  Managing VPD in Oracle Enterprise Manager

Chapter 13: Shadow Schema
  Database: Schema and Object Creation
  Data Schema: Views
  Revoke Privileges
  System and User Event Trigger
  APEX: Simple Form and Report
  DML APIs and Processes
  Grants and Synonyms
  Table API Processes
  Securing Data
  Application Context
  Views
  Synonym
  PL/SQL Initialization Code

Chapter 14: Encryption
  Encryption
  HTTPS
  APEX HTTPS Settings
  Instance Admin Console and Application Development Environment
  Applications
  APEX Item Encryption
  Data Encryption
  DBMS_CRYPTO
  Encrypted Collections
  Example
  Advanced Security Option
  Transparent Data Encryption
  Network Encryption