Where Did You Go?

Not only is the title of this post a great song by one of my all-time favorite bands (extra credit if you can name them w/out using Google), but it is also a question that some of you have been wondering...

Most of my time the past few months has been spent on designing & developing sumnevaSERT - a security evaluation tool built in APEX for APEX. sumnevaSERT is the result of working with many customers over the past few years and realizing that they spent very little time reviewing the security of their APEX applications. They all had the same exact reason for neglecting them: no time.

sumnevaSERT makes it blindingly simple to evaluate an APEX application for a number of potential security flaws. It slices through the APEX metadata and produces a single score based on what it finds. You can then drill into any of the categories to see details and advice on how to fix what it finds.

Despite releasing it today, we've already got a list of exciting new features and enhancements - many of which will make it even easier and faster to secure your applications.

Check out the sumnevaSERT page on our website: http://sumneva.com/sert - or, if you're interested in a free trial, drop us a line at info@sumneva.com

Comments

Scott said…
Nope.

- Scott -
Raymond said…
Jets Overhead, just happen to have an album with that song.

Popular posts from this blog

Logging APEX Report Downloads

A customer recently asked how APEX could track who clicked “download” from an Interactive Grid.  After some quick searching of the logs, I realized that APEX simply does not record this type of activity, aside from a simple page view type of “AJAX” entry.  This was not specific enough, and of course, led to the next question - can we prevent users from downloading data from a grid entirely?

I knew that any JavaScript-based solution would fall short of their security requirements, since it is trivial to reconstruct the URL pattern required to initiate a download, even if the JavaScript had removed the option from the menu. Thus, I had to consider a PL/SQL-based approach - one that could not be bypassed by a malicious end user.

To solve this problem, I turned to APEX’s Initialization PL/SQL Code parameter.  Any PL/SQL code entered in this region will be executed before any other APEX-related process.  Thus, it is literally the first place that a developer can interact with an APEX page…

Thanks, ODC (Oracle Developer Community)!

I owe a lot of thanks to the ODC - which stands for Oracle Developer Community.  What is ODC?  You may remember it as OTN, or the Oracle Technology Network.  Same people, different name.  Why they changed it I can't say.  People just liked it better that way... (love that song)

In any case, what am I thankful for?  A lot.  To start, the tools that I use day in and day out: SQL Developer, ORDS, Oracle Data Modeler, SQLcl and - of course - APEX.  Without these tools, I'm likely on a completely different career path, perhaps even one that aligns more closely with my degree in television management.

While the tools are great, it's really the people that make up the community that make ODC stand out. From the folks who run ODC and the Oracle ACE program to the developers and product managers who are behind the awesome tools, the ODC community is one of, if not the greatest asset of being involved with Oracle's products.

If you have yet to get more involved with this communi…

Custom Export to CSV

It's been a while since I've updated my blog. I've been quite busy lately, and just have not had the time that I used to. We're expecting our 1st child in just a few short weeks now, so most of my free time has been spent learning Lamaze breathing, making the weekly run to Babies R Us, and relocating my office from the larger room upstairs to the smaller one downstairs - which I do happen to like MUCH more than I had anticipated. I have everything I need within a short walk - a bathroom, beer fridge, and 52" HD TV. I only need to go upstairs to eat and sleep now, but alas, this will all change soon...

Recently, I was asked if you could change the way Export to CSV in ApEx works. The short answer is, of course, no. But it's not too difficult to "roll your own" CSV export procedure.

Why would you want to do this? Well, the customer's requirement was to manipulate some data when the Export link was clicked, and then export it to CSV in a format…