SlideShare une entreprise Scribd logo

Real Application Security (RAS) and Oracle Application Express (APEX)

Dimitri Gielis
Dimitri Gielis

Security in an APEX app Introduction to Real Application Security (RAS) Using RAS in Oracle Application Express (APEX) Live demo implementing RAS in APEX app

Technologie
1  sur  33
Télécharger pour lire hors ligne
Dimitri Gielis Real Application Security (RAS) in APEX www.apexRnD.be dgielis.blogspot.com @dgielis dgielis@apexRnD.be
Dimitri Gielis ❖ Founder & CEO of APEX R&D ❖ 18+ years of Oracle Experience (OCP & APEX Certified) ❖ Oracle ACE Director ❖ “APEX Developer of the year 2009” by Oracle Magazine ❖ “Oracle Developer Choice award (ORDS)” in 2015 ❖ Author Expert Oracle Application Express ❖ Presenter at Oracle Conferences (OOW, ODTUG, OGh, UKOUG, …)
https://www.apexofficeprint.com
http://dgielis.blogspot.com @dgielis
Agenda ❖ Security in an APEX app ❖ Introduction to Real Application Security (RAS) ❖ Using RAS in Oracle Application Express (APEX) ❖ Live demo implementing RAS in APEX app
Security in APEX
Oracle APEX Security ❖ Authentication schemes ❖ Can I go in? - Users ❖ SSO, Custom table, APEX, DB… ❖ Authorization schemes ❖ What can I do? - Roles ❖ Defined on APEX components (page, item, navigation, …)
Access Control ❖ Easy wizard ❖ Creation of Authorization schemes & Admin screen ❖ Assign roles to users ❖ Targeted for UI, not for Data
Access Control wizard
Access Control admin screen
Challenges on Data Access Control What about data?
Challenges on Data Access Control ❖ Code executed under privileged user ❖ Database unaware of end users ❖ Data access policy (data security) is hard coded in ❖ Where-clause - application level ❖ Views - database level ❖ Virtual Private Database (VPD) - database level
Real Application Security (RAS)
Real Application Security (RAS) A database authorisation solution for end-to-end application security
RAS Key features ❖ Support Application Users and Sessions ❖ Schema-less user, security and application context in DB ❖ Support Application Privileges and Roles ❖ Support fine-grained data access control on rows and columns ❖ Based on user operation execution context ❖ Enforce security close to data
Example Application Security ❖ All employees can view public information ❖ An employee can view own record, update contact information ❖ Manager can view salary of his/her reports Name Manager SSN Salary Phone Number Adam Steven 515.123.4567 Neena Steven 515.123.4568 Nancy Neena 515.124.4569 Luis Nancy 515.124.4567 John Nancy 515.124.4269 Daniel Nancy 515.124.4469 Nancy Neena 108-51-4569 12030 650.111.3300 6900 8200 9000
RAS Concepts: Data Realms ❖ A group of rows representing a business object ❖ All employees ❖ My own employee record ❖ All employees under my report ❖ Assign privileges to columns ❖ viewSSN for SSN column ❖ viewSalary for Salary column Employee table My own My reports viewSSN viewSalary All records
RAS Concepts: Policy components ❖ Data Security policy is a collection of Data Realms and ACLs ❖ Each Data Realm has an associated ACL with grants Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Application Privilege -select,viewSalary Application Privilege -select,viewSalary Application Role - Manager Application Role - Manager Data Realm - Employees under my report Data Realm - Employees under my report Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Data Realm - Employees under my report Application Role - Manager Application Privilege -select,viewSalary
RAS: setup with PL/SQL API xs_principal.create_role(name => 'emp_role', enabled => true); xs_security_class.create_security_class( name => 'hr.hrprivs', parent_list => xs$name_list('sys.dml'), priv_list => xs$privilege_list(xs$privilege('view_salary')));
RAS Administration Tool 1. All records 2. My record 3. My reports Employees Table Restricted Salary & SSN Columns Privilege Grants Note: the RASADM (RAS Administration Tool) is written in APEX :)
RAS Administration Tool: ACLs Grants on my record Grants on all records Grants on my reports
RAS Administration Tool: Application Roles HR Representatives can view SSN Employees can view and update their own records Managers can view salaries of their reports
Real Application Security Features • VP delegating calendar management function to an AssistantControlled Delegation • Contractor getting access for a specific duration Effective-date support • Access to certain reports allowed only on intranetNegative grants • Batch programs with elevated privileges to summarize dataCode-based security • Conditional rendering of User InterfaceFunction Security • Application users, privileges, roles are known to databaseAuditing
Real Application Security Architecture Data Security Policy DB Sessions RAS Sessions SQL*PlusAPEX apps…
RAS in APEX
RAS Integration with APEX ❖ Application users continue to be provisioned 
 in the database or identity stores ❖ User authentication remains in APEX ❖ RAS session contains application user, 
 its roles, and session context ❖ Based on APEX user’s security context ❖ Application code executes within RAS session ❖ Attached and detached to a db session Page Request APEX Session Page Display Application code Detach RAS Session Attach RAS Session
RAS Integration with APEX 5 ❖ APEX can use RAS users, roles, and data security policy ❖ Instead of custom authorization using VPD ❖ RAS Session is transparently created based on APEX session ❖ For APEX authorization schemes, use RAS ACL check operators
Demo RAS in APEX
RAS Benefits ❖ Stronger security ❖ Enforced regardless of entry points: direct, APEX, or middleware ❖ Audit end-user activity in database audit trail ❖ Simpler development ❖ Declarative policy, relieves writing authorization code ❖ Native support for application roles, application privileges, application users ❖ High Performance Access Control ❖ Optimized for typical data access patterns within core database ❖ Simpler administration ❖ Centralized management, end-to-end uniform security across mid-tier and database
RAS - to know… ❖ One RAS repository for the whole database ❖ Takes a bit of time to get used to the implementation and naming ❖ RASADM can help, but … ❖ RASADM doesn’t expose all features ❖ RASADM app didn’t always behave as expected 
 (had to patch it to get some things working ) ❖ Once you enable RAS make sure to test your app (!)
 APEX Advisor can’t check for the correct grants (yet).
References ❖ Oracle RAS Developer Guide
 docs.oracle.com/database/121 ❖ Oracle RAS Papers
 www.oracle.com/technetwork/database/security/real-application-security ❖ Presentation by Vikram Pesati ❖ Presentation by Joel Kallman & Tanvir Ahmed 
 www.slideserve.com/odele/oracle-database-12c-real-application-security-for-oracle-application- express
Q&A www.apexRnD.be dgielis.blogspot.com @dgielis dgielis@apexRnD.be
❖ Looking for consulting, training and development in Oracle Application Express (APEX)? ❖ Contact : www.apexRnD.be ❖ Mail : info@apexRnD.be Consulting, Development, Training

Recommandé

APEX Security 101
APEX Security 101APEX Security 101
APEX Security 101Dimitri Gielis
 
Access Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityAccess Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityJim Czuprynski
 
What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
 
SSO With APEX and ADFS the weblogic way
SSO With APEX and ADFS the weblogic waySSO With APEX and ADFS the weblogic way
SSO With APEX and ADFS the weblogic waymakker_nl
 
Oracle REST Data Services Best Practices/ Overview
Oracle REST Data Services Best Practices/ OverviewOracle REST Data Services Best Practices/ Overview
Oracle REST Data Services Best Practices/ OverviewKris Rice
 
ClassLoader Leaks
ClassLoader LeaksClassLoader Leaks
ClassLoader LeaksMattias Jiderhamn
 
Privilege Analysis with the Oracle Database
Privilege Analysis with the Oracle DatabasePrivilege Analysis with the Oracle Database
Privilege Analysis with the Oracle DatabaseMarkus Flechtner
 
New Features for Multitenant in Oracle Database 21c
New Features for Multitenant in Oracle Database 21cNew Features for Multitenant in Oracle Database 21c
New Features for Multitenant in Oracle Database 21cMarkus Flechtner
 

Recommandé

APEX Security 101
APEX Security 101APEX Security 101
APEX Security 101Dimitri Gielis
 
Access Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityAccess Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityJim Czuprynski
 
What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)What is tackled in the Java EE Security API (Java EE 8)
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
 
SSO With APEX and ADFS the weblogic way
SSO With APEX and ADFS the weblogic waySSO With APEX and ADFS the weblogic way
SSO With APEX and ADFS the weblogic waymakker_nl
 
Oracle REST Data Services Best Practices/ Overview
Oracle REST Data Services Best Practices/ OverviewOracle REST Data Services Best Practices/ Overview
Oracle REST Data Services Best Practices/ OverviewKris Rice
 
ClassLoader Leaks
ClassLoader LeaksClassLoader Leaks
ClassLoader LeaksMattias Jiderhamn
 
Privilege Analysis with the Oracle Database
Privilege Analysis with the Oracle DatabasePrivilege Analysis with the Oracle Database
Privilege Analysis with the Oracle DatabaseMarkus Flechtner
 
New Features for Multitenant in Oracle Database 21c
New Features for Multitenant in Oracle Database 21cNew Features for Multitenant in Oracle Database 21c
New Features for Multitenant in Oracle Database 21cMarkus Flechtner
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start GuideAndrii Gakhov
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database VaultStefan Oehrli
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database VaultMarco Alamanni
 
ID連携における仮名
ID連携における仮名ID連携における仮名
ID連携における仮名Naohiro Fujie
 
APEX Connect 2019 - SQL Tuning 101
APEX Connect 2019 - SQL Tuning 101APEX Connect 2019 - SQL Tuning 101
APEX Connect 2019 - SQL Tuning 101Connor McDonald
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Dimitri Gielis
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingSolidQ
 
Introduction to SQL Server Security
Introduction to SQL Server SecurityIntroduction to SQL Server Security
Introduction to SQL Server SecurityJason Strate
 
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCI
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCIDatabase Cloud Services Office Hours - 0421 - Migrate AWS to OCI
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCITammy Bednar
 
AutoUpgrade and Best Practices
AutoUpgrade and Best PracticesAutoUpgrade and Best Practices
AutoUpgrade and Best PracticesJitendra Singh
 
Service Workers and APEX
Service Workers and APEXService Workers and APEX
Service Workers and APEXDimitri Gielis
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Steve Pember
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014JWORKS powered by Ordina
 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
 
Clean architecture
Clean architectureClean architecture
Clean architectureLieven Doclo
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfSrirakshaSrinivasan2
 
Manual Code Review
Manual Code ReviewManual Code Review
Manual Code Reviewn|u - The Open Security Community
 
Spring Boot
Spring BootSpring Boot
Spring BootJiayun Zhou
 
jpa-hibernate-presentation
jpa-hibernate-presentationjpa-hibernate-presentation
jpa-hibernate-presentationJohn Slick
 
What to Expect From Oracle database 19c
What to Expect From Oracle database 19cWhat to Expect From Oracle database 19c
What to Expect From Oracle database 19cMaria Colgan
 
Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleProtect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleNelson Calero
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck by Synopsys
 

Contenu connexe

Tendances

Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start GuideAndrii Gakhov
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database VaultStefan Oehrli
 
ID連携における仮名
ID連携における仮名ID連携における仮名
ID連携における仮名Naohiro Fujie
 
APEX Connect 2019 - SQL Tuning 101
APEX Connect 2019 - SQL Tuning 101APEX Connect 2019 - SQL Tuning 101
APEX Connect 2019 - SQL Tuning 101Connor McDonald
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Dimitri Gielis
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingSolidQ
 
Introduction to SQL Server Security
Introduction to SQL Server SecurityIntroduction to SQL Server Security
Introduction to SQL Server SecurityJason Strate
 
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCI
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCIDatabase Cloud Services Office Hours - 0421 - Migrate AWS to OCI
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCITammy Bednar
 
AutoUpgrade and Best Practices
AutoUpgrade and Best PracticesAutoUpgrade and Best Practices
AutoUpgrade and Best PracticesJitendra Singh
 
Service Workers and APEX
Service Workers and APEXService Workers and APEX
Service Workers and APEXDimitri Gielis
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Steve Pember
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014JWORKS powered by Ordina
 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
 
Clean architecture
Clean architectureClean architecture
Clean architectureLieven Doclo
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfSrirakshaSrinivasan2
 
jpa-hibernate-presentation
jpa-hibernate-presentationjpa-hibernate-presentation
jpa-hibernate-presentationJohn Slick
 
What to Expect From Oracle database 19c
What to Expect From Oracle database 19cWhat to Expect From Oracle database 19c
What to Expect From Oracle database 19cMaria Colgan
 

Tendances (20)

Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database Vault
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
 
ID連携における仮名
ID連携における仮名ID連携における仮名
ID連携における仮名
 
APEX Connect 2019 - SQL Tuning 101
APEX Connect 2019 - SQL Tuning 101APEX Connect 2019 - SQL Tuning 101
APEX Connect 2019 - SQL Tuning 101
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
 
Introduction to SQL Server Security
Introduction to SQL Server SecurityIntroduction to SQL Server Security
Introduction to SQL Server Security
 
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCI
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCIDatabase Cloud Services Office Hours - 0421 - Migrate AWS to OCI
Database Cloud Services Office Hours - 0421 - Migrate AWS to OCI
 
AutoUpgrade and Best Practices
AutoUpgrade and Best PracticesAutoUpgrade and Best Practices
AutoUpgrade and Best Practices
 
Service Workers and APEX
Service Workers and APEXService Workers and APEX
Service Workers and APEX
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Clean architecture
Clean architectureClean architecture
Clean architecture
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
 
Manual Code Review
Manual Code ReviewManual Code Review
Manual Code Review
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
jpa-hibernate-presentation
jpa-hibernate-presentationjpa-hibernate-presentation
jpa-hibernate-presentation
 
What to Expect From Oracle database 19c
What to Expect From Oracle database 19cWhat to Expect From Oracle database 19c
What to Expect From Oracle database 19c
 

En vedette

Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleProtect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleNelson Calero
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck by Synopsys
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the CloudScaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the CloudNick Landry
 
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...Charlie Berger
 
Introduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database ProfessionalsIntroduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database ProfessionalsAlex Gorbachev
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXZivaro Inc
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 

En vedette (9)

Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleProtect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the CloudScaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
 
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
 
Introduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database ProfessionalsIntroduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database Professionals
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 

Similaire à Real Application Security (RAS) and Oracle Application Express (APEX)

Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Amazon Web Services
 
Aws architecture main ideas
Aws architecture main ideasAws architecture main ideas
Aws architecture main ideasCraig F.R Read
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Cisco Russia
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceSolarWinds
 
Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)Niels de Bruijn
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsSebastian Taphanel CISSP-ISSEP
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019Fahad Al-Hasan
 
Evaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt CohenEvaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt CohenInman News
 
Security guidelines
Security guidelinesSecurity guidelines
Security guidelineskarthz
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016SolarWinds
 
Moving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express CloudMoving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express CloudDimitri Gielis
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security SolarWinds
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraRogerChaucaZea
 
M-Files Enterprise Content Management Software
M-Files Enterprise Content Management SoftwareM-Files Enterprise Content Management Software
M-Files Enterprise Content Management SoftwareChris Davidson
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Kal BO
 

Similaire à Real Application Security (RAS) and Oracle Application Express (APEX) (20)

Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
 
Aws architecture main ideas
Aws architecture main ideasAws architecture main ideas
Aws architecture main ideas
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application Performance
 
Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019
 
Evaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt CohenEvaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt Cohen
 
Security guidelines
Security guidelinesSecurity guidelines
Security guidelines
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
 
Moving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express CloudMoving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express Cloud
 
Paas ppt
Paas pptPaas ppt
Paas ppt
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion segura
 
M-Files Enterprise Content Management Software
M-Files Enterprise Content Management SoftwareM-Files Enterprise Content Management Software
M-Files Enterprise Content Management Software
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
 

Plus de Dimitri Gielis

Bring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle CloudBring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle CloudDimitri Gielis
 
APEX Office Print (AOP)
APEX Office Print (AOP)APEX Office Print (AOP)
APEX Office Print (AOP)Dimitri Gielis
 
REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!Dimitri Gielis
 
Can You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward PagesCan You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward PagesDimitri Gielis
 
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEXBringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEXDimitri Gielis
 
Oracle APEX Cheat Sheet
Oracle APEX Cheat SheetOracle APEX Cheat Sheet
Oracle APEX Cheat SheetDimitri Gielis
 
Oracle APEX for Beginners
Oracle APEX for BeginnersOracle APEX for Beginners
Oracle APEX for BeginnersDimitri Gielis
 
JavaScript straight from the Oracle Database
JavaScript straight from the Oracle DatabaseJavaScript straight from the Oracle Database
JavaScript straight from the Oracle DatabaseDimitri Gielis
 
Moving to the APEX Listener
Moving to the APEX ListenerMoving to the APEX Listener
Moving to the APEX ListenerDimitri Gielis
 
APEX 5 Demo and Best Practices
APEX 5 Demo and Best PracticesAPEX 5 Demo and Best Practices
APEX 5 Demo and Best PracticesDimitri Gielis
 
A Primer on Web Components in APEX
A Primer on Web Components in APEXA Primer on Web Components in APEX
A Primer on Web Components in APEXDimitri Gielis
 
How to make APEX print through Node.js
How to make APEX print through Node.jsHow to make APEX print through Node.js
How to make APEX print through Node.jsDimitri Gielis
 
Oracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integrationOracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integrationDimitri Gielis
 

Plus de Dimitri Gielis (15)

Bring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle CloudBring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle Cloud
 
APEX Office Print (AOP)
APEX Office Print (AOP)APEX Office Print (AOP)
APEX Office Print (AOP)
 
REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!
 
Can You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward PagesCan You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward Pages
 
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEXBringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
 
Oracle APEX Cheat Sheet
Oracle APEX Cheat SheetOracle APEX Cheat Sheet
Oracle APEX Cheat Sheet
 
Oracle APEX for Beginners
Oracle APEX for BeginnersOracle APEX for Beginners
Oracle APEX for Beginners
 
JavaScript straight from the Oracle Database
JavaScript straight from the Oracle DatabaseJavaScript straight from the Oracle Database
JavaScript straight from the Oracle Database
 
APEX Office Print
APEX Office PrintAPEX Office Print
APEX Office Print
 
Moving to the APEX Listener
Moving to the APEX ListenerMoving to the APEX Listener
Moving to the APEX Listener
 
APEX Wearables
APEX WearablesAPEX Wearables
APEX Wearables
 
APEX 5 Demo and Best Practices
APEX 5 Demo and Best PracticesAPEX 5 Demo and Best Practices
APEX 5 Demo and Best Practices
 
A Primer on Web Components in APEX
A Primer on Web Components in APEXA Primer on Web Components in APEX
A Primer on Web Components in APEX
 
How to make APEX print through Node.js
How to make APEX print through Node.jsHow to make APEX print through Node.js
How to make APEX print through Node.js
 
Oracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integrationOracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integration
 

Dernier

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Dernier (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Real Application Security (RAS) and Oracle Application Express (APEX)

  • 1. Dimitri Gielis Real Application Security (RAS) in APEX www.apexRnD.be dgielis.blogspot.com @dgielis dgielis@apexRnD.be
  • 2. Dimitri Gielis ❖ Founder & CEO of APEX R&D ❖ 18+ years of Oracle Experience (OCP & APEX Certified) ❖ Oracle ACE Director ❖ “APEX Developer of the year 2009” by Oracle Magazine ❖ “Oracle Developer Choice award (ORDS)” in 2015 ❖ Author Expert Oracle Application Express ❖ Presenter at Oracle Conferences (OOW, ODTUG, OGh, UKOUG, …)
  • 5. Agenda ❖ Security in an APEX app ❖ Introduction to Real Application Security (RAS) ❖ Using RAS in Oracle Application Express (APEX) ❖ Live demo implementing RAS in APEX app
  • 7. Oracle APEX Security ❖ Authentication schemes ❖ Can I go in? - Users ❖ SSO, Custom table, APEX, DB… ❖ Authorization schemes ❖ What can I do? - Roles ❖ Defined on APEX components (page, item, navigation, …)
  • 8. Access Control ❖ Easy wizard ❖ Creation of Authorization schemes & Admin screen ❖ Assign roles to users ❖ Targeted for UI, not for Data
  • 11. Challenges on Data Access Control What about data?
  • 12. Challenges on Data Access Control ❖ Code executed under privileged user ❖ Database unaware of end users ❖ Data access policy (data security) is hard coded in ❖ Where-clause - application level ❖ Views - database level ❖ Virtual Private Database (VPD) - database level
  • 14. Real Application Security (RAS) A database authorisation solution for end-to-end application security
  • 15. RAS Key features ❖ Support Application Users and Sessions ❖ Schema-less user, security and application context in DB ❖ Support Application Privileges and Roles ❖ Support fine-grained data access control on rows and columns ❖ Based on user operation execution context ❖ Enforce security close to data
  • 16. Example Application Security ❖ All employees can view public information ❖ An employee can view own record, update contact information ❖ Manager can view salary of his/her reports Name Manager SSN Salary Phone Number Adam Steven 515.123.4567 Neena Steven 515.123.4568 Nancy Neena 515.124.4569 Luis Nancy 515.124.4567 John Nancy 515.124.4269 Daniel Nancy 515.124.4469 Nancy Neena 108-51-4569 12030 650.111.3300 6900 8200 9000
  • 17. RAS Concepts: Data Realms ❖ A group of rows representing a business object ❖ All employees ❖ My own employee record ❖ All employees under my report ❖ Assign privileges to columns ❖ viewSSN for SSN column ❖ viewSalary for Salary column Employee table My own My reports viewSSN viewSalary All records
  • 18. RAS Concepts: Policy components ❖ Data Security policy is a collection of Data Realms and ACLs ❖ Each Data Realm has an associated ACL with grants Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Application Privilege -select,viewSalary Application Privilege -select,viewSalary Application Role - Manager Application Role - Manager Data Realm - Employees under my report Data Realm - Employees under my report Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Data Realm - Employees under my report Application Role - Manager Application Privilege -select,viewSalary
  • 19. RAS: setup with PL/SQL API xs_principal.create_role(name => 'emp_role', enabled => true); xs_security_class.create_security_class( name => 'hr.hrprivs', parent_list => xs$name_list('sys.dml'), priv_list => xs$privilege_list(xs$privilege('view_salary')));
  • 21. RAS Administration Tool: ACLs Grants on my record Grants on all records Grants on my reports
  • 22. RAS Administration Tool: Application Roles HR Representatives can view SSN Employees can view and update their own records Managers can view salaries of their reports
  • 23. Real Application Security Features • VP delegating calendar management function to an AssistantControlled Delegation • Contractor getting access for a specific duration Effective-date support • Access to certain reports allowed only on intranetNegative grants • Batch programs with elevated privileges to summarize dataCode-based security • Conditional rendering of User InterfaceFunction Security • Application users, privileges, roles are known to databaseAuditing
  • 24. Real Application Security Architecture Data Security Policy DB Sessions RAS Sessions SQL*PlusAPEX apps…
  • 26. RAS Integration with APEX ❖ Application users continue to be provisioned 
 in the database or identity stores ❖ User authentication remains in APEX ❖ RAS session contains application user, 
 its roles, and session context ❖ Based on APEX user’s security context ❖ Application code executes within RAS session ❖ Attached and detached to a db session Page Request APEX Session Page Display Application code Detach RAS Session Attach RAS Session
  • 27. RAS Integration with APEX 5 ❖ APEX can use RAS users, roles, and data security policy ❖ Instead of custom authorization using VPD ❖ RAS Session is transparently created based on APEX session ❖ For APEX authorization schemes, use RAS ACL check operators
  • 28. Demo RAS in APEX
  • 29. RAS Benefits ❖ Stronger security ❖ Enforced regardless of entry points: direct, APEX, or middleware ❖ Audit end-user activity in database audit trail ❖ Simpler development ❖ Declarative policy, relieves writing authorization code ❖ Native support for application roles, application privileges, application users ❖ High Performance Access Control ❖ Optimized for typical data access patterns within core database ❖ Simpler administration ❖ Centralized management, end-to-end uniform security across mid-tier and database
  • 30. RAS - to know… ❖ One RAS repository for the whole database ❖ Takes a bit of time to get used to the implementation and naming ❖ RASADM can help, but … ❖ RASADM doesn’t expose all features ❖ RASADM app didn’t always behave as expected 
 (had to patch it to get some things working ) ❖ Once you enable RAS make sure to test your app (!)
 APEX Advisor can’t check for the correct grants (yet).
  • 31. References ❖ Oracle RAS Developer Guide
 docs.oracle.com/database/121 ❖ Oracle RAS Papers
 www.oracle.com/technetwork/database/security/real-application-security ❖ Presentation by Vikram Pesati ❖ Presentation by Joel Kallman & Tanvir Ahmed 
 www.slideserve.com/odele/oracle-database-12c-real-application-security-for-oracle-application- express
  • 33. ❖ Looking for consulting, training and development in Oracle Application Express (APEX)? ❖ Contact : www.apexRnD.be ❖ Mail : info@apexRnD.be Consulting, Development, Training