sumnevaSERT Presentation

Published in: Technology

Transcript

  • 1. sumnevaSERT
  • 2. AGENDA
    • Overview
    • Demonstration
    • Summary
    Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
  • 3. Overview
  • 4. INSECURITIES
    • We live in a time where the security of data is the most emphasized yet least practiced thing
      • WikiLeaks
      • HBGary
      • Epsilon
    • Unfortunately, adding security to our applications is almost always event-driven or reactive
  • 5. CUSTOMER DEMAND
    • Despite this, we’re all tasked with quickly developing applications for our customers/clients
      • Oftentimes, we take shortcuts and leave out things, like security
      • Not because we want to, but because we have to
  • 6. EXCUSES, EXCUSES...
    • We make many, many excuses to ourselves as to why we didn’t adequately secure our applications:
      • Not enough time
      • No one cares about the data/application
      • It’s “internal only”
      • Our users are not smart enough to do anything malicious
      • False sense of security
  • 7. RECIPE FOR DISASTER
    • Given:
      • The stresses of getting our applications released quickly
      • The lack of time we have to do so
    • Our applications - APEX & otherwise - are likely to have potential security vulnerabilities that we could easily fix
      • If we only knew what they were and had the time...
  • 8. SUMNEVASERT
    • sumnevaSERT: Security Evaluation & Review Tool
    • APEX application designed to evaluate and identify potential security issues in other APEX applications
      • Supports APEX 4.0+
      • Runs on any edition of the database
      • Can be easily customized to meet your specific security and/or QA requirements
  • 9. HOW IT WORKS
    • sumnevaSERT uses a simple scoring & red light/green light approach to evaluate your application based on a number of pre-defined criteria
      • Each application gets a score based on the result of evaluating an attribute
        • Percentage as well as X of Y points
      • Each attribute evaluated either passes or fails
        • Pass yields a point; failure yields none
  • 10. HOW IT WORKS
    An authorization scheme was expected, but not found. Thus, this attribute failed. The developer can click on Fix and see step-by-step instructions.
  • 11. WHAT IT LOOKS FOR
    • sumnevaSERT ships with a set of attributes that inspect APEX applications for the following:
      • Application Settings
      • Session State Protection
      • Session Timeout
      • Unrestricted Items
      • Security Attributes
      • Encrypted Items
      • Schema Properties
      • Page Access
      • SQL Injection
      • Form Autocomplete
      • Cross Site Scripting
      • Authorization Schemes
  • 12. ONE SIZE DOESN’T FIT ALL
    • If you need additional attributes inspected, you can customize sumnevaSERT as much as you like
    • sumnevaSERT supports a number of rule types:
      • NULL/NOT NULL
      • List of Valid Values
      • Less Than/Greater Than
      • PL/SQL
  • 13. MULTI-PURPOSE
    • Thus, you can create your own attribute set(s) for specific purposes, for example:
      • General Security Attributes
        • General set of attributes that must be met and a minimal score must be achieved
      • Application with Sensitive Data
        • Look for specific columns in reports and flag for follow-up
      • Minimal Configuration Signature
        • Applications must use a specific authentication scheme, etc.
  • 14. sumnevaSERT DEMONSTRATION
  • 15. Summary
  • 16. THE REALITY
    • sumnevaSERT will identify most security exploits that hackers and malicious users alike look for in APEX applications and provide step-by-step solutions to fix them
      • But it will not secure everything
      • There’s no such thing as a silver bullet of any sort...
    • You still need a strong overall security policy
      • Strong Passwords
      • Physical access control
      • Code Audits
      • Best Practices
  • 17. AVAILABILITY
    • Initial release in Beta now
      • Still accepting beta customers - contact us for details
    • Targeted release of June 2011
      • Will support APEX 4.0+
  • 18. LICENSING
    • Per instance of APEX
      • Can run on as many applications as you like in as many workspaces as you like in a single instance of APEX
    • Contact us for details & pricing
      • sales@sumneva.com
      • +1 (703) 879-4615
      • http://www.sumneva.com/sert
  • 19. http://sumneva.com
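The scoring and rule-type model described on slides 9, 12 and 13, as an added example that is not part of the original presentation or of Sumneva's product: a small Python rule engine with the four rule types (NULL/NOT NULL, list of valid values, less than/greater than, and a callable standing in for PL/SQL), each attribute evaluated pass/fail against one constructed set of APEX application settings, reporting X of Y points, a percentage and a red/green light with a fix hint per failure. The rule names, the settings keys and the 80% minimum score are assumptions.

```python
# Toy model of the slide 9/12/13 scoring approach. Constructed for illustration,
# not Sumneva's code; a Python callable stands in for the PL/SQL rule type.
from dataclasses import dataclass
from typing import Any

@dataclass
class Rule:
    name: str        # attribute shown in the red light/green light report
    key: str         # application setting the rule inspects (assumed key names)
    kind: str        # NULL, NOT_NULL, IN_LIST, LESS_THAN, GREATER_THAN, CUSTOM
    arg: Any = None  # list for IN_LIST, number for LESS/GREATER_THAN, callable for CUSTOM
    fix: str = ""    # step-by-step hint the developer sees on failure

def evaluate_rule(rule: Rule, app: dict) -> bool:
    """Each attribute either passes or fails; there is no partial credit."""
    value = app.get(rule.key)
    if rule.kind in ("NULL", "NOT_NULL"):
        return (value is None) == (rule.kind == "NULL")
    if rule.kind == "IN_LIST":
        return value in rule.arg
    if rule.kind in ("LESS_THAN", "GREATER_THAN"):
        return value is not None and (value < rule.arg if rule.kind == "LESS_THAN" else value > rule.arg)
    if rule.kind == "CUSTOM":  # stands in for the PL/SQL rule type
        return bool(rule.arg(app))
    raise ValueError(f"unknown rule type {rule.kind}")

def score(rules: list, app: dict, minimum_pct: float = 80.0) -> dict:
    """Pass yields a point, failure none: X of Y points, a percentage and a light."""
    failed = [r for r in rules if not evaluate_rule(r, app)]
    points = len(rules) - len(failed)
    pct = round(100.0 * points / len(rules), 1) if rules else 0.0
    return {"points": points, "total": len(rules), "pct": pct,
            "light": "green" if pct >= minimum_pct else "red",
            "failed": [r.name for r in failed],
            "fixes": {r.name: r.fix for r in failed if r.fix}}

# Constructed attribute set, loosely following the categories on slide 11.
RULES = [
    Rule("Authorization scheme present", "authorization_scheme", "NOT_NULL",
         fix="Create an authorization scheme under Shared Components and assign it"),
    Rule("Session idle timeout under 1 hour", "max_session_idle_seconds", "LESS_THAN", 3600),
    Rule("Session state protection enabled", "session_state_protection", "IN_LIST", ["Enabled"]),
    Rule("Form autocomplete off", "form_autocomplete", "IN_LIST", ["Off"]),
    Rule("No unrestricted items", "unrestricted_item_count", "LESS_THAN", 1),
    Rule("No sensitive report columns", "report_columns", "CUSTOM",
         lambda a: not ({"SSN", "CREDIT_CARD"} & set(a.get("report_columns", [])))),
]
# Constructed sample of one application's settings (not a real APEX export).
SAMPLE_APP = {"authorization_scheme": None, "max_session_idle_seconds": 28800,
              "session_state_protection": "Enabled", "form_autocomplete": "Off",
              "unrestricted_item_count": 3, "report_columns": ["EMPNO", "ENAME", "SSN"]}
```

Calling `score(RULES, SAMPLE_APP)` gives 2 of 6 points (33.3%, red) with the four failures and the one fix hint listed; the "sensitive data" and "configuration signature" attribute sets from slide 13 are just different `RULES` lists fed to the same `score`.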
