Thursday, 22 March 2012

Securing Oracle Apex - ApexSec 2.1 Released


We would like to announce the next major release of our Apex security analyser ApexSec 2.1, this incorporates many new detection routines for the new issues we have been researching over the past months.

More detection routines for Cross-Site Scripting and SQL Injection and reduction of 'false-positives'.

Compatible with Linux, Windows and Mac OSX.

Works with all versions of Apex, either via export files or direct database connection.


Enhancements to the built in Apex browser means that issues can be fixed quickly and easily. ApexSec will keep the Apex browser in sync while you navigate to the issue, edit your Apex application within the Apex Browser.

Full explanations of vulnerabilities, and complete highlighted display of important issues.

Reports can be output in several formats.


New type detection means that numeric items, synonyms and views are analysed within vulnerabilities.

Tool-tips to quickly identify item settings. And navigation aids to solve vulnerable code.



Package processing to detect vulnerabilities inside PL/SQL Apex application code;


ApexSec will read the install scripts from an exported application to derive types, procedures, synonyms and any other information to increase detection accuracy.






Many fixes, enhancements and streamlining of the interface.

Integration with JUnit compatible build processes such as Hudson.





We are committed to continuing and maintaining our on-line testing service;

  • Free summary scans
  • Free HTML on-line report for Applications up to 15 pages
  • Full free on-line scan for open source projects
  • Full free on-line scan for registered charities

Search for 'oracle apex security', visit our main ApexSec web page or alternatively contact us for more details.


No comments:

Post a Comment