SlideShare una empresa de Scribd logo

Real Application Security (RAS) and Oracle Application Express (APEX)

Dimitri Gielis
Dimitri Gielis

Security in an APEX app Introduction to Real Application Security (RAS) Using RAS in Oracle Application Express (APEX) Live demo implementing RAS in APEX app

Tecnología
1 de 33
Descargar para leer sin conexión
Dimitri Gielis Real Application Security (RAS) in APEX www.apexRnD.be dgielis.blogspot.com @dgielis dgielis@apexRnD.be
Dimitri Gielis ❖ Founder & CEO of APEX R&D ❖ 18+ years of Oracle Experience (OCP & APEX Certified) ❖ Oracle ACE Director ❖ “APEX Developer of the year 2009” by Oracle Magazine ❖ “Oracle Developer Choice award (ORDS)” in 2015 ❖ Author Expert Oracle Application Express ❖ Presenter at Oracle Conferences (OOW, ODTUG, OGh, UKOUG, …)
https://www.apexofficeprint.com
http://dgielis.blogspot.com @dgielis
Agenda ❖ Security in an APEX app ❖ Introduction to Real Application Security (RAS) ❖ Using RAS in Oracle Application Express (APEX) ❖ Live demo implementing RAS in APEX app
Security in APEX
Oracle APEX Security ❖ Authentication schemes ❖ Can I go in? - Users ❖ SSO, Custom table, APEX, DB… ❖ Authorization schemes ❖ What can I do? - Roles ❖ Defined on APEX components (page, item, navigation, …)
Access Control ❖ Easy wizard ❖ Creation of Authorization schemes & Admin screen ❖ Assign roles to users ❖ Targeted for UI, not for Data
Access Control wizard
Access Control admin screen
Challenges on Data Access Control What about data?
Challenges on Data Access Control ❖ Code executed under privileged user ❖ Database unaware of end users ❖ Data access policy (data security) is hard coded in ❖ Where-clause - application level ❖ Views - database level ❖ Virtual Private Database (VPD) - database level
Real Application Security (RAS)
Real Application Security (RAS) A database authorisation solution for end-to-end application security
RAS Key features ❖ Support Application Users and Sessions ❖ Schema-less user, security and application context in DB ❖ Support Application Privileges and Roles ❖ Support fine-grained data access control on rows and columns ❖ Based on user operation execution context ❖ Enforce security close to data
Example Application Security ❖ All employees can view public information ❖ An employee can view own record, update contact information ❖ Manager can view salary of his/her reports Name Manager SSN Salary Phone Number Adam Steven 515.123.4567 Neena Steven 515.123.4568 Nancy Neena 515.124.4569 Luis Nancy 515.124.4567 John Nancy 515.124.4269 Daniel Nancy 515.124.4469 Nancy Neena 108-51-4569 12030 650.111.3300 6900 8200 9000
RAS Concepts: Data Realms ❖ A group of rows representing a business object ❖ All employees ❖ My own employee record ❖ All employees under my report ❖ Assign privileges to columns ❖ viewSSN for SSN column ❖ viewSalary for Salary column Employee table My own My reports viewSSN viewSalary All records
RAS Concepts: Policy components ❖ Data Security policy is a collection of Data Realms and ACLs ❖ Each Data Realm has an associated ACL with grants Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Application Privilege -select,viewSalary Application Privilege -select,viewSalary Application Role - Manager Application Role - Manager Data Realm - Employees under my report Data Realm - Employees under my report Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Data Realm - Employees under my report Application Role - Manager Application Privilege -select,viewSalary
RAS: setup with PL/SQL API xs_principal.create_role(name => 'emp_role', enabled => true); xs_security_class.create_security_class( name => 'hr.hrprivs', parent_list => xs$name_list('sys.dml'), priv_list => xs$privilege_list(xs$privilege('view_salary')));
RAS Administration Tool 1. All records 2. My record 3. My reports Employees Table Restricted Salary & SSN Columns Privilege Grants Note: the RASADM (RAS Administration Tool) is written in APEX :)
RAS Administration Tool: ACLs Grants on my record Grants on all records Grants on my reports
RAS Administration Tool: Application Roles HR Representatives can view SSN Employees can view and update their own records Managers can view salaries of their reports
Real Application Security Features • VP delegating calendar management function to an AssistantControlled Delegation • Contractor getting access for a specific duration Effective-date support • Access to certain reports allowed only on intranetNegative grants • Batch programs with elevated privileges to summarize dataCode-based security • Conditional rendering of User InterfaceFunction Security • Application users, privileges, roles are known to databaseAuditing
Real Application Security Architecture Data Security Policy DB Sessions RAS Sessions SQL*PlusAPEX apps…
RAS in APEX
RAS Integration with APEX ❖ Application users continue to be provisioned 
 in the database or identity stores ❖ User authentication remains in APEX ❖ RAS session contains application user, 
 its roles, and session context ❖ Based on APEX user’s security context ❖ Application code executes within RAS session ❖ Attached and detached to a db session Page Request APEX Session Page Display Application code Detach RAS Session Attach RAS Session
RAS Integration with APEX 5 ❖ APEX can use RAS users, roles, and data security policy ❖ Instead of custom authorization using VPD ❖ RAS Session is transparently created based on APEX session ❖ For APEX authorization schemes, use RAS ACL check operators
Demo RAS in APEX
RAS Benefits ❖ Stronger security ❖ Enforced regardless of entry points: direct, APEX, or middleware ❖ Audit end-user activity in database audit trail ❖ Simpler development ❖ Declarative policy, relieves writing authorization code ❖ Native support for application roles, application privileges, application users ❖ High Performance Access Control ❖ Optimized for typical data access patterns within core database ❖ Simpler administration ❖ Centralized management, end-to-end uniform security across mid-tier and database
RAS - to know… ❖ One RAS repository for the whole database ❖ Takes a bit of time to get used to the implementation and naming ❖ RASADM can help, but … ❖ RASADM doesn’t expose all features ❖ RASADM app didn’t always behave as expected 
 (had to patch it to get some things working ) ❖ Once you enable RAS make sure to test your app (!)
 APEX Advisor can’t check for the correct grants (yet).
References ❖ Oracle RAS Developer Guide
 docs.oracle.com/database/121 ❖ Oracle RAS Papers
 www.oracle.com/technetwork/database/security/real-application-security ❖ Presentation by Vikram Pesati ❖ Presentation by Joel Kallman & Tanvir Ahmed 
 www.slideserve.com/odele/oracle-database-12c-real-application-security-for-oracle-application- express
Q&A www.apexRnD.be dgielis.blogspot.com @dgielis dgielis@apexRnD.be
❖ Looking for consulting, training and development in Oracle Application Express (APEX)? ❖ Contact : www.apexRnD.be ❖ Mail : info@apexRnD.be Consulting, Development, Training

Recomendados

Access Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityAccess Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityJim Czuprynski
 
Oracle APEX for Beginners
Oracle APEX for BeginnersOracle APEX for Beginners
Oracle APEX for BeginnersDimitri Gielis
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Dimitri Gielis
 
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...Sandesh Rao
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
MySQL SQL Tutorial
MySQL SQL TutorialMySQL SQL Tutorial
MySQL SQL TutorialChien Chung Shen
 
MySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsMySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsTuyen Vuong
 
Oracle REST Data Services: Options for your Web Services
Oracle REST Data Services: Options for your Web ServicesOracle REST Data Services: Options for your Web Services
Oracle REST Data Services: Options for your Web ServicesJeff Smith
 

Recomendados

Access Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityAccess Denied: Real-World Use Cases for APEX and Real Application Security
Access Denied: Real-World Use Cases for APEX and Real Application SecurityJim Czuprynski
 
Oracle APEX for Beginners
Oracle APEX for BeginnersOracle APEX for Beginners
Oracle APEX for BeginnersDimitri Gielis
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Dimitri Gielis
 
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...Sandesh Rao
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
MySQL SQL Tutorial
MySQL SQL TutorialMySQL SQL Tutorial
MySQL SQL TutorialChien Chung Shen
 
MySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsMySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsTuyen Vuong
 
Oracle REST Data Services: Options for your Web Services
Oracle REST Data Services: Options for your Web ServicesOracle REST Data Services: Options for your Web Services
Oracle REST Data Services: Options for your Web ServicesJeff Smith
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
Oracle WebLogic Server Basic Concepts
Oracle WebLogic Server Basic ConceptsOracle WebLogic Server Basic Concepts
Oracle WebLogic Server Basic ConceptsJames Bayer
 
What is new in PostgreSQL 14?
What is new in PostgreSQL 14?What is new in PostgreSQL 14?
What is new in PostgreSQL 14?Mydbops
 
Apache Superset - open source data exploration and visualization (Conclusion ...
Apache Superset - open source data exploration and visualization (Conclusion ...Apache Superset - open source data exploration and visualization (Conclusion ...
Apache Superset - open source data exploration and visualization (Conclusion ...Lucas Jellema
 
My Sql Work Bench
My Sql Work BenchMy Sql Work Bench
My Sql Work BenchLahiru Danushka
 
PostgreSQL HA
PostgreSQL HAPostgreSQL HA
PostgreSQL HAharoonm
 
One PDB to go, please!
One PDB to go, please!One PDB to go, please!
One PDB to go, please!Christian Gohmann
 
Always on in sql server 2017
Always on in sql server 2017Always on in sql server 2017
Always on in sql server 2017Gianluca Hotz
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQLAmazon Web Services
 
Deep Dive on Amazon Aurora
Deep Dive on Amazon AuroraDeep Dive on Amazon Aurora
Deep Dive on Amazon AuroraAmazon Web Services
 
Data Guard Architecture & Setup
Data Guard Architecture & SetupData Guard Architecture & Setup
Data Guard Architecture & SetupSatishbabu Gunukula
 
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLTop 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLJim Mlodgenski
 
APEX Themes and Templates
APEX Themes and TemplatesAPEX Themes and Templates
APEX Themes and TemplatesInSync Conference
 
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesOracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesMarkus Michalewicz
 
Postgresql Database Administration Basic - Day1
Postgresql Database Administration Basic - Day1Postgresql Database Administration Basic - Day1
Postgresql Database Administration Basic - Day1PoguttuezhiniVP
 
UKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsUKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsConnor McDonald
 
Expose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridExpose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridVinay Kumar
 
NY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with MaxscaleNY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with MaxscaleWagner Bianchi
 
ZFS appliance
ZFS applianceZFS appliance
ZFS applianceFran Navarro
 
Oracle 21c: New Features and Enhancements of Data Pump & TTS
Oracle 21c: New Features and Enhancements of Data Pump & TTSOracle 21c: New Features and Enhancements of Data Pump & TTS
Oracle 21c: New Features and Enhancements of Data Pump & TTSChristian Gohmann
 
Service Workers and APEX
Service Workers and APEXService Workers and APEX
Service Workers and APEXDimitri Gielis
 
APEX Security 101
APEX Security 101APEX Security 101
APEX Security 101Dimitri Gielis
 

Más contenido relacionado

La actualidad más candente

Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
Oracle WebLogic Server Basic Concepts
Oracle WebLogic Server Basic ConceptsOracle WebLogic Server Basic Concepts
Oracle WebLogic Server Basic ConceptsJames Bayer
 
What is new in PostgreSQL 14?
What is new in PostgreSQL 14?What is new in PostgreSQL 14?
What is new in PostgreSQL 14?Mydbops
 
Apache Superset - open source data exploration and visualization (Conclusion ...
Apache Superset - open source data exploration and visualization (Conclusion ...Apache Superset - open source data exploration and visualization (Conclusion ...
Apache Superset - open source data exploration and visualization (Conclusion ...Lucas Jellema
 
PostgreSQL HA
PostgreSQL HAPostgreSQL HA
PostgreSQL HAharoonm
 
Always on in sql server 2017
Always on in sql server 2017Always on in sql server 2017
Always on in sql server 2017Gianluca Hotz
 
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLTop 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLJim Mlodgenski
 
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesOracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesMarkus Michalewicz
 
Postgresql Database Administration Basic - Day1
Postgresql Database Administration Basic - Day1Postgresql Database Administration Basic - Day1
Postgresql Database Administration Basic - Day1PoguttuezhiniVP
 
UKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsUKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsConnor McDonald
 
Expose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridExpose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridVinay Kumar
 
NY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with MaxscaleNY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with MaxscaleWagner Bianchi
 
Oracle 21c: New Features and Enhancements of Data Pump & TTS
Oracle 21c: New Features and Enhancements of Data Pump & TTSOracle 21c: New Features and Enhancements of Data Pump & TTS
Oracle 21c: New Features and Enhancements of Data Pump & TTSChristian Gohmann
 

La actualidad más candente (20)

Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
Oracle WebLogic Server Basic Concepts
Oracle WebLogic Server Basic ConceptsOracle WebLogic Server Basic Concepts
Oracle WebLogic Server Basic Concepts
 
What is new in PostgreSQL 14?
What is new in PostgreSQL 14?What is new in PostgreSQL 14?
What is new in PostgreSQL 14?
 
Apache Superset - open source data exploration and visualization (Conclusion ...
Apache Superset - open source data exploration and visualization (Conclusion ...Apache Superset - open source data exploration and visualization (Conclusion ...
Apache Superset - open source data exploration and visualization (Conclusion ...
 
My Sql Work Bench
My Sql Work BenchMy Sql Work Bench
My Sql Work Bench
 
PostgreSQL HA
PostgreSQL HAPostgreSQL HA
PostgreSQL HA
 
One PDB to go, please!
One PDB to go, please!One PDB to go, please!
One PDB to go, please!
 
Always on in sql server 2017
Always on in sql server 2017Always on in sql server 2017
Always on in sql server 2017
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQL
 
Deep Dive on Amazon Aurora
Deep Dive on Amazon AuroraDeep Dive on Amazon Aurora
Deep Dive on Amazon Aurora
 
Data Guard Architecture & Setup
Data Guard Architecture & SetupData Guard Architecture & Setup
Data Guard Architecture & Setup
 
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLTop 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
 
APEX Themes and Templates
APEX Themes and TemplatesAPEX Themes and Templates
APEX Themes and Templates
 
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best PracticesOracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
Oracle Real Application Clusters (RAC) 12c Rel. 2 - Operational Best Practices
 
Postgresql Database Administration Basic - Day1
Postgresql Database Administration Basic - Day1Postgresql Database Administration Basic - Day1
Postgresql Database Administration Basic - Day1
 
UKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsUKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tips
 
Expose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridExpose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug Madrid
 
NY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with MaxscaleNY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with Maxscale
 
ZFS appliance
ZFS applianceZFS appliance
ZFS appliance
 
Oracle 21c: New Features and Enhancements of Data Pump & TTS
Oracle 21c: New Features and Enhancements of Data Pump & TTSOracle 21c: New Features and Enhancements of Data Pump & TTS
Oracle 21c: New Features and Enhancements of Data Pump & TTS
 

Destacado

Service Workers and APEX
Service Workers and APEXService Workers and APEX
Service Workers and APEXDimitri Gielis
 
Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleProtect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleNelson Calero
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck by Synopsys
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the CloudScaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the CloudNick Landry
 
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...Charlie Berger
 
Introduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database ProfessionalsIntroduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database ProfessionalsAlex Gorbachev
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXZivaro Inc
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 

Destacado (11)

Service Workers and APEX
Service Workers and APEXService Workers and APEX
Service Workers and APEX
 
APEX Security 101
APEX Security 101APEX Security 101
APEX Security 101
 
Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in OracleProtect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the CloudScaling IoT: Telemetry, Command & Control, Analytics and the Cloud
Scaling IoT: Telemetry, Command & Control, Analytics and the Cloud
 
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
Oracle’s Advanced Analytics & Machine Learning 12.2c New Features & Road Map;...
 
Introduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database ProfessionalsIntroduction to Machine Learning for Oracle Database Professionals
Introduction to Machine Learning for Oracle Database Professionals
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 

Similar a Real Application Security (RAS) and Oracle Application Express (APEX)

Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Amazon Web Services
 
Aws architecture main ideas
Aws architecture main ideasAws architecture main ideas
Aws architecture main ideasCraig F.R Read
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Cisco Russia
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceSolarWinds
 
Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)Niels de Bruijn
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsSebastian Taphanel CISSP-ISSEP
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019Fahad Al-Hasan
 
Evaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt CohenEvaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt CohenInman News
 
Security guidelines
Security guidelinesSecurity guidelines
Security guidelineskarthz
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016SolarWinds
 
Moving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express CloudMoving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express CloudDimitri Gielis
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security SolarWinds
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraRogerChaucaZea
 
M-Files Enterprise Content Management Software
M-Files Enterprise Content Management SoftwareM-Files Enterprise Content Management Software
M-Files Enterprise Content Management SoftwareChris Davidson
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Kal BO
 

Similar a Real Application Security (RAS) and Oracle Application Express (APEX) (20)

Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
 
Aws architecture main ideas
Aws architecture main ideasAws architecture main ideas
Aws architecture main ideas
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application Performance
 
Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)Single Sign-On for APEX apps (Important: latest version on edocr!)
Single Sign-On for APEX apps (Important: latest version on edocr!)
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019
 
Evaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt CohenEvaluating Web App, Mobile App, and API Security - Matt Cohen
Evaluating Web App, Mobile App, and API Security - Matt Cohen
 
Security guidelines
Security guidelinesSecurity guidelines
Security guidelines
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
SolarWinds Federal Webinar: Technical Update & New Feature Demo November 2016
 
Moving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express CloudMoving your APEX app to the Oracle Exadata Express Cloud
Moving your APEX app to the Oracle Exadata Express Cloud
 
Paas ppt
Paas pptPaas ppt
Paas ppt
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion segura
 
M-Files Enterprise Content Management Software
M-Files Enterprise Content Management SoftwareM-Files Enterprise Content Management Software
M-Files Enterprise Content Management Software
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
 

Más de Dimitri Gielis

Bring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle CloudBring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle CloudDimitri Gielis
 
APEX Office Print (AOP)
APEX Office Print (AOP)APEX Office Print (AOP)
APEX Office Print (AOP)Dimitri Gielis
 
REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!Dimitri Gielis
 
Can You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward PagesCan You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward PagesDimitri Gielis
 
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEXBringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEXDimitri Gielis
 
Oracle APEX Cheat Sheet
Oracle APEX Cheat SheetOracle APEX Cheat Sheet
Oracle APEX Cheat SheetDimitri Gielis
 
JavaScript straight from the Oracle Database
JavaScript straight from the Oracle DatabaseJavaScript straight from the Oracle Database
JavaScript straight from the Oracle DatabaseDimitri Gielis
 
Moving to the APEX Listener
Moving to the APEX ListenerMoving to the APEX Listener
Moving to the APEX ListenerDimitri Gielis
 
APEX 5 Demo and Best Practices
APEX 5 Demo and Best PracticesAPEX 5 Demo and Best Practices
APEX 5 Demo and Best PracticesDimitri Gielis
 
A Primer on Web Components in APEX
A Primer on Web Components in APEXA Primer on Web Components in APEX
A Primer on Web Components in APEXDimitri Gielis
 
How to make APEX print through Node.js
How to make APEX print through Node.jsHow to make APEX print through Node.js
How to make APEX print through Node.jsDimitri Gielis
 
Oracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integrationOracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integrationDimitri Gielis
 

Más de Dimitri Gielis (14)

Bring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle CloudBring the light in your Always FREE Oracle Cloud
Bring the light in your Always FREE Oracle Cloud
 
APEX Office Print (AOP)
APEX Office Print (AOP)APEX Office Print (AOP)
APEX Office Print (AOP)
 
REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!REST Web Service? No, GraphQL please!
REST Web Service? No, GraphQL please!
 
Can You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward PagesCan You Do That with APEX? Building Not So Straightforward Pages
Can You Do That with APEX? Building Not So Straightforward Pages
 
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEXBringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
Bringing Virtual Reality (VR) and Augmented Reality (AR) to APEX
 
Oracle APEX Cheat Sheet
Oracle APEX Cheat SheetOracle APEX Cheat Sheet
Oracle APEX Cheat Sheet
 
JavaScript straight from the Oracle Database
JavaScript straight from the Oracle DatabaseJavaScript straight from the Oracle Database
JavaScript straight from the Oracle Database
 
APEX Office Print
APEX Office PrintAPEX Office Print
APEX Office Print
 
Moving to the APEX Listener
Moving to the APEX ListenerMoving to the APEX Listener
Moving to the APEX Listener
 
APEX Wearables
APEX WearablesAPEX Wearables
APEX Wearables
 
APEX 5 Demo and Best Practices
APEX 5 Demo and Best PracticesAPEX 5 Demo and Best Practices
APEX 5 Demo and Best Practices
 
A Primer on Web Components in APEX
A Primer on Web Components in APEXA Primer on Web Components in APEX
A Primer on Web Components in APEX
 
How to make APEX print through Node.js
How to make APEX print through Node.jsHow to make APEX print through Node.js
How to make APEX print through Node.js
 
Oracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integrationOracle Application Express (APEX) and Microsoft Sharepoint integration
Oracle Application Express (APEX) and Microsoft Sharepoint integration
 

Último

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Real Application Security (RAS) and Oracle Application Express (APEX)

  • 1. Dimitri Gielis Real Application Security (RAS) in APEX www.apexRnD.be dgielis.blogspot.com @dgielis dgielis@apexRnD.be
  • 2. Dimitri Gielis ❖ Founder & CEO of APEX R&D ❖ 18+ years of Oracle Experience (OCP & APEX Certified) ❖ Oracle ACE Director ❖ “APEX Developer of the year 2009” by Oracle Magazine ❖ “Oracle Developer Choice award (ORDS)” in 2015 ❖ Author Expert Oracle Application Express ❖ Presenter at Oracle Conferences (OOW, ODTUG, OGh, UKOUG, …)
  • 5. Agenda ❖ Security in an APEX app ❖ Introduction to Real Application Security (RAS) ❖ Using RAS in Oracle Application Express (APEX) ❖ Live demo implementing RAS in APEX app
  • 7. Oracle APEX Security ❖ Authentication schemes ❖ Can I go in? - Users ❖ SSO, Custom table, APEX, DB… ❖ Authorization schemes ❖ What can I do? - Roles ❖ Defined on APEX components (page, item, navigation, …)
  • 8. Access Control ❖ Easy wizard ❖ Creation of Authorization schemes & Admin screen ❖ Assign roles to users ❖ Targeted for UI, not for Data
  • 11. Challenges on Data Access Control What about data?
  • 12. Challenges on Data Access Control ❖ Code executed under privileged user ❖ Database unaware of end users ❖ Data access policy (data security) is hard coded in ❖ Where-clause - application level ❖ Views - database level ❖ Virtual Private Database (VPD) - database level
  • 14. Real Application Security (RAS) A database authorisation solution for end-to-end application security
  • 15. RAS Key features ❖ Support Application Users and Sessions ❖ Schema-less user, security and application context in DB ❖ Support Application Privileges and Roles ❖ Support fine-grained data access control on rows and columns ❖ Based on user operation execution context ❖ Enforce security close to data
  • 16. Example Application Security ❖ All employees can view public information ❖ An employee can view own record, update contact information ❖ Manager can view salary of his/her reports Name Manager SSN Salary Phone Number Adam Steven 515.123.4567 Neena Steven 515.123.4568 Nancy Neena 515.124.4569 Luis Nancy 515.124.4567 John Nancy 515.124.4269 Daniel Nancy 515.124.4469 Nancy Neena 108-51-4569 12030 650.111.3300 6900 8200 9000
  • 17. RAS Concepts: Data Realms ❖ A group of rows representing a business object ❖ All employees ❖ My own employee record ❖ All employees under my report ❖ Assign privileges to columns ❖ viewSSN for SSN column ❖ viewSalary for Salary column Employee table My own My reports viewSSN viewSalary All records
  • 18. RAS Concepts: Policy components ❖ Data Security policy is a collection of Data Realms and ACLs ❖ Each Data Realm has an associated ACL with grants Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Application Privilege -select,viewSalary Application Privilege -select,viewSalary Application Role - Manager Application Role - Manager Data Realm - Employees under my report Data Realm - Employees under my report Access Control List (ACL) -Grant select to Manager -Grant viewSalary to Manager Data Realm - Employees under my report Application Role - Manager Application Privilege -select,viewSalary
  • 19. RAS: setup with PL/SQL API xs_principal.create_role(name => 'emp_role', enabled => true); xs_security_class.create_security_class( name => 'hr.hrprivs', parent_list => xs$name_list('sys.dml'), priv_list => xs$privilege_list(xs$privilege('view_salary')));
  • 21. RAS Administration Tool: ACLs Grants on my record Grants on all records Grants on my reports
  • 22. RAS Administration Tool: Application Roles HR Representatives can view SSN Employees can view and update their own records Managers can view salaries of their reports
  • 23. Real Application Security Features • VP delegating calendar management function to an AssistantControlled Delegation • Contractor getting access for a specific duration Effective-date support • Access to certain reports allowed only on intranetNegative grants • Batch programs with elevated privileges to summarize dataCode-based security • Conditional rendering of User InterfaceFunction Security • Application users, privileges, roles are known to databaseAuditing
  • 24. Real Application Security Architecture Data Security Policy DB Sessions RAS Sessions SQL*PlusAPEX apps…
  • 26. RAS Integration with APEX ❖ Application users continue to be provisioned 
 in the database or identity stores ❖ User authentication remains in APEX ❖ RAS session contains application user, 
 its roles, and session context ❖ Based on APEX user’s security context ❖ Application code executes within RAS session ❖ Attached and detached to a db session Page Request APEX Session Page Display Application code Detach RAS Session Attach RAS Session
  • 27. RAS Integration with APEX 5 ❖ APEX can use RAS users, roles, and data security policy ❖ Instead of custom authorization using VPD ❖ RAS Session is transparently created based on APEX session ❖ For APEX authorization schemes, use RAS ACL check operators
  • 28. Demo RAS in APEX
  • 29. RAS Benefits ❖ Stronger security ❖ Enforced regardless of entry points: direct, APEX, or middleware ❖ Audit end-user activity in database audit trail ❖ Simpler development ❖ Declarative policy, relieves writing authorization code ❖ Native support for application roles, application privileges, application users ❖ High Performance Access Control ❖ Optimized for typical data access patterns within core database ❖ Simpler administration ❖ Centralized management, end-to-end uniform security across mid-tier and database
  • 30. RAS - to know… ❖ One RAS repository for the whole database ❖ Takes a bit of time to get used to the implementation and naming ❖ RASADM can help, but … ❖ RASADM doesn’t expose all features ❖ RASADM app didn’t always behave as expected 
 (had to patch it to get some things working ) ❖ Once you enable RAS make sure to test your app (!)
 APEX Advisor can’t check for the correct grants (yet).
  • 31. References ❖ Oracle RAS Developer Guide
 docs.oracle.com/database/121 ❖ Oracle RAS Papers
 www.oracle.com/technetwork/database/security/real-application-security ❖ Presentation by Vikram Pesati ❖ Presentation by Joel Kallman & Tanvir Ahmed 
 www.slideserve.com/odele/oracle-database-12c-real-application-security-for-oracle-application- express
  • 33. ❖ Looking for consulting, training and development in Oracle Application Express (APEX)? ❖ Contact : www.apexRnD.be ❖ Mail : info@apexRnD.be Consulting, Development, Training