
Where Did You Go?

Not only is the title of this post a great song by one of my all time favorite bands (extra credit if you can name them w/out using Google), but it is also a question that some of you have been wondering...

Most of my time the past few months has been spent on designing & developing sumnevaSERT - a security evaluation tool built in APEX for APEX. sumnevaSERT is the result of working with many customers over the past few years and realizing that they spent very little time reviewing the security of their APEX applications. They all had the same exact reason for neglecting them: no time.

sumnevaSERT makes it blindingly simple to evaluate an APEX application for a number of potential security flaws. It slices through the APEX metadata and produces a single score based on what it finds. You can then drill into any of the categories to see details and advice on how to fix what it finds.

Despite releasing it today, we've already got a list of exciting new features and enhancements - many of which will make it even easier and faster to secure your applications.

Check out the sumnevaSERT page on our website: http://sumneva.com/sert - or, if you're interested in a free trial, drop us a line at info@sumneva.com.

Comments

Scott said…
Nope.

- Scott -
Raymond said…
Jets Overhead, just happen to have an album with that song.
