2. The following is intended to outline our general
product & services direction. It is intended for
information purposes only, and may not be
incorporated into any contract or agreement. It is
not a commitment to deliver any service, material,
code, or functionality, and should not be relied
upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Enkitecβs
products remains at the sole discretion of Enkitec.
2
4. About Enkitec
βο Oracle Platinum Partner
βο Established in 2004
βο Headquartered in Dallas, TX
βο Locations throughout the US & EMEA
βο Specialties include:
βο Exadata Implementations
βο Development Services
βο PL/SQL / Java / APEX
βο DBA/Data Warehouse/RAC
βο Business Intelligence
4
7. Services
7
βο One of the largest pool of experienced & totally
focused APEX resources in the world
βο Many of whom are presenting @ KScope this week!
8. Education
8
X X X X X
X X X X X
X X X X X
Enkitec APEX Training
βο Intro I
βο Intro II
βο Advanced APEX
βο Secure Best Practices
βο Troubleshooting
& Debugging
βο APEX Installation
& Administration
βο Custom
10. Enkitec @ KScope
βο Monday
βο Making Sense of APEX Security
βο Compelling, Dynamic, Graphical - And if Weβre Lucky -
Useful E-Mail Generation
βο APEX Behind the Scenes
βο Open Mic Night
βο Tuesday
βο Enterprise Class APEX
βο Thatβs Not Where I Want That!
βο Building Commercial Applications with APEX
10
11. Enkitec @ KScope
βο Wednesday
βο LOBS, BLOBS, CLOBS - Dealing with Attachments in APEX
βο Load Testing APEX Applications
βο Mastering the Oracle Data Pump
βο Thursday
βο Dynamic Action Deep Dive 1
βο Dynamic Action Deep Dive 2
βο Dynamic Action Deep Dive 3
11
12. Products
12
βο eFramework - Free Edition
βο Basic user & role management
βο eSERT
βο APEX application that evaluates the security of other APEX
applications
βο eSERT Cloud
βο Online version of eSERT
14. Plug-Ins
βο Plug-Ins allow developers to extend the
capabilities of APEX itself
βο Several different types:
βο Item
βο Region
βο Process
βο Dynamic Action
βο Authorization Schemes
βο Authentication Schemes
14
15. Plug-Ins
βο Plug-Ins are great additions to APEX
βο However, they are inherently
complex and can fail for a
number of different reasons:
βο APEX Upgrade
βο Browser Upgrade
βο Code Changes
βο jQuery Issues
βο Most failures cannot easily
or efficiently be addressed by
the average APEX developer
15
17. Enkitec Plug-In Support
βο Curated list of supported Plug-Ins and
corresponding APEX releases
βο Two levels:
βο Basic
βο Enterprise
βο Enkitec Plug-Ins will continue to be provided at
no cost for anyone via www.enkitec.com
17
18. Plug-In Support: Basic
18
βο $999 annually per βproduction streamβ
βο E-Mail support with 2 business day response time
βο Receive releases and updates ahead of public
βο Access to Forums
19. Plug-In Support: Enterprise
19
βο $1999 annually per βproduction streamβ
βο E-Mail/Phone/Web support with 1 business day
response time
βο Receive releases and updates ahead of public
βο Access to Forums
βο Monthly Call with Enkitec APEX Developers
βο Prioritized Feature Requests
24. eSERT
24
βο eSERT is an APEX application that evaluates the
security of other APEX applications
βο Provides step-by-step instructions on how to address
vulnerabilities
βο Designed to be used as a part of your
development process, not at the end
βο Total integration with the APEX
development environment
βο Collaborate with all APEX developers
25. βο eSERT inspects APEX applications and reports on
threats in five classifications:
App Settings
Page Settings
SQL Injection
Cross Site Scripting
URL Tampering
Classifications
25
26. Ongoing Collaborative Evaluation
26
βο eSERT allows developers to add exceptions for
false positives and acceptable risks
βο All exceptions must be reviewed & approved by
a manager before the βapprovedβ score increases
βο As exceptions are logged, the value of the
attribute in question is also captured
βο If this value changes at any time, the exception will be
instantly flagged as βstaleβ and require re-approval
27. βο Correcting each additional security vulnerability
may cause other functional issues
βο Thus, a high number of vulnerabilities corrected at once
will yield more functional defects
Without eSERT
27
2007 2008 2009 Untitled 1Untitled 2Time
Vulnerabilities
28. With eSERT
28
2007 2009 Untitled 1Time
Vulnerabilities
βο Using eSERT to keep security vulnerabilities to a
minimum reduces the number of functional
defects introduced
29. Customers Across All Industries
βο Private Sector
βο Multi-Channel Retailer
βο Massive application with Over 300
Concurrent Users
βο Major Defense Contractor
βο Hundreds of applications
βο Major Healthcare Provider
βο Infrastructure Management
βο Higher Education
βο Multiple Major Universities
βο Access to student & research
information
βο Public Sector
βο Intelligence Agency
βο Over 100 internal applications
βο Local Government
βο Internal Applications
βο Civilian Agency
βο Internet Facing
e-Commerce Application
βο DOD Agency
βο Logistical Reports & Info
29
31. Slidewww.oh-tech.org
Research & Innovation Center will operate, when opened, as the
proving grounds for next-generation technology infrastructure innovations and a
catalyst for cutting-edge research and collaboration.
The OH-TECH Consortium
Ohio Supercomputer Center provides high performance computing,
software, storage and support services for Ohioβs scientists, faculty, students,
businesses and their research partners.
OARnet connects Ohioβs universities, colleges, K-12, health care and state and
local governments to its high-speed fiber optic network backbone. OARnet services
include co-location, support desk, federated identity and virtualization.
OhioLINK serves nearly 600,000 higher education students and faculty by
providing a statewide system for sharing 50 million books and library materials,
while aggregating costs among its 90 member institutions.
eStudent Services provides students increased access to higher education
through e-learning and technology-enhanced educational opportunities, including
virtual tutoring.
32. Slidewww.oh-tech.org
eSERT Testimonial
β’ Standards, Checks and Balances
β’ Developer Accountability and approval workflow
β’ Efficiency and Productivity
β’ Audit compliance
β’ Outsourcing Development
β’ Support
35. βο Per βProduction Streamβ
βο Up to 4 instances of APEX in a Production instance of APEX
βο Any Number of Workspaces/Applications/Users
Licensing
35
DEV QA ProductionTEST
36. eSERT Statement of Direction
βο Support for APEX 5.0
βο Shortly after release
βο Additional Reports & Analytics
βο Scheduled Evaluation Enhancements
βο Team Development Integration
βο eFramework Integration
36
39. eSERT Cloud
39
βο eSERT cloud is a affordable hosted service where
anyone can upload their APEX applications and
get an instant security evaluation via eSERT
βο Interactive Online Dashboard with summary results
βο PDF Summary Report (typically 100+ pages)
40. How it Works - 5 Simple Steps
1) Create an account at http://enkitec.com/sert
2) Request a workspace to upload your APEX
applications into
3) Purchase evaluation credits
(1 credit = 1 application evaluation)
4) Select an application to evaluate
5) View and/or download the results
40
41. How it Works - 5 4 Simple Steps
1) Create an account at http://enkitec.com/sert
2) Request a workspace to upload your APEX
applications into
3) Purchase evaluation credits
(1 credit = 1 application evaluation)
4) Select an application to evaluate
5) View and/or download the results
41
45. Problem: User & Role Management
45
βο Multiple user repositories
βο Different applications manage roles differently
βο Or not at all...
βο Lack of auditing when managing and/or assigning
roles
βο Especially in home-grown systems
βο No central view of what applications & roles a
single user has access to
46. Problem: Too Much Access
46
βο APEX instance administration console gives a user
complete access to the instance
βο Users with access to this can:
βο Create or Delete Workspaces
βο Create or Delete Schemas
βο Assign a Developer to Any Workspace
βο Alter the instance options and
security settings
βο Approve Requests
βο Monitor Usage
βο Deploying in Runtime Mode makes even this option
unusable
47. Problem: Not Enough Access
47
βο On the other hand, there are several commonly
needed management features that are not
available from the APEX admin console
βο Manage User Repositories
βο Manage Users & Roles
βο Enable/Disable an Application
βο Secure Pages with Roles
βο Manage Application Help
βο View Errors
βο View Feedback
48. Solution: Enkitec eFramework
48
βο The Enkitec eFramework is an APEX-based
platform for deploying, managing & monitoring
multiple APEX applications
βο Provides a central Management & Monitoring
console that can be discretely delegated to any
user
βο On either an application or workspace basis
50. Key Features
βο User Repository Integration
βο Discrete user-to-app or user-to-workspace
management
βο Role Management
βο Page Security
βο Centralized Help
βο Monitoring Reports & Charts
βο Error Management
βο Auditing
βο Application Control
50
51. How it Integrates
βο eFramework provides a set of APIs that can easily
and non-intrusively be integrated into existing
APEX applications
βο Configuration Typically less than 5 minutes per application
βο Built-in Verification Tool to assist with integration
51
β’ Application Item
β’ Page Zero Region
β’ Error Handling Call
β’ Authentication Scheme
β’ Authorization Scheme(s)
β’ PL/SQL Init & Cleanup
β’ Navigation Bar Entries
β’ Label Templates
52. eFramework
How its Configured
52
Administration Management
Manage Application 100,101 & 102
Monitor all Applications in Workspace PROD
Manage Help Text in Application 100
Equivalent to APEX Instance Administrator
Customer Applications
54. How We Use It
54
Enkitec Internal Apps
Launchpad STATSLDAP
Enkitec Public Website
Launchpad www.enkitec.comCustom
Oracle Sales Portal
Launchpad Sales ForecastCustom
Data
Shadow
Shadow
Single APEX Workspace
56. Summary
56
βο eFramework provides a robust development,
management & monitoring platform for multiple
APEX applications
βο Can be integrated with any user repository
βο Provides a federated view of all APEX application activity
and associated access controls
βο Simple to integrate with existing APEX applications
57. eFramework Statement of Direction
βο Additional Reports & Analytics
βο Integration with eSERT
βο Alerts
βο Enhanced Auditing Capabilities
57
63. For More Info
63
βο Contact us for details & pricing
βο sales@enkitec.com
βο +1 972 607 3751
βο Visit our Booth in the Exhibition Hall