
Session State Protection is not used anywhere, so page items are never protected when a value is sent to an item

1. Session state protection is used to prevent URL tampering. Any parameter used in the
calling URL has to be set as session state. So it can be applied at page level or item level,
whenever required.
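
A generic sketch of the checksum idea behind Session State Protection, added here as an example; it is not APEX's own algorithm and not code from the application under review. The per-session key, the HMAC construction, the helper names and the sample application, page and item values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed per-session secret (assumption); it is held server-side only.
SESSION_KEY = secrets.token_bytes(32)


def checksum(page_args: str, key: bytes = SESSION_KEY) -> str:
    """HMAC-SHA256 over the exact f?p argument string, hex encoded."""
    return hmac.new(key, page_args.encode("utf-8"), hashlib.sha256).hexdigest()


def protect(page_args: str, key: bytes = SESSION_KEY) -> str:
    """Build the calling URL with the checksum appended as &cs=."""
    return f"f?p={page_args}&cs={checksum(page_args, key)}"


def verify(url: str, key: bytes = SESSION_KEY) -> bool:
    """Accept the request only if cs matches the arguments actually received."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    page_args = query.get("p", [""])[0]
    received = query.get("cs", [""])[0]
    expected = checksum(page_args, key)
    # Constant-time comparison; a missing or altered checksum fails closed.
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


def tamper(url: str, old: str, new: str) -> str:
    """Simulate a user editing an item value in the address bar."""
    return url.replace(old, new, 1)


if __name__ == "__main__":
    # Constructed sample: app 100, page 12, session 555, item P12_EMP_ID.
    link = protect("100:12:555::NO::P12_EMP_ID:7369")
    print("original accepted:", verify(link))
    print("tampered accepted:", verify(tamper(link, "7369", "7839")))
```

Because the checksum covers every value passed in the URL, an item that is set from the URL but left unprotected is exactly the gap the finding above describes.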

Authorizations are never used to protect pages


1. Authorization – Implementation will have issues with modal dialog page calls and workflow pages.
It can be implemented.

They are using an iframe to protect links from user hacking


1. Iframe – Design-wise – requested by PASI (the developer tools can be disabled), and it also
disables the status link at the bottom of the browser.

Default options from APEX are hidden and replaced with custom code without exception handling

1. JavaScript is used for Add Row instead of the default Add Row button – as per requirement.

"Embed in Frames" leaves the application vulnerable to clickjacking attacks.


1. As per requirement – open the page with “Embed in Frames” (same origin).

Validation is not implemented perfectly


1. Item-level validation has been implemented in all places. If not yet, please advise us to add it
properly. We already have an attribute to set it.
