Securing APEX Applications

Most APEX installations at CERN include a tool for doing security scans of APEX applications. For more details, see the quick start guide.

APEX-SERT tool is an open-source tool that allows the user to evaluate the application to identify possible vulnerabilities and to remedy them. Found vulnerabilities can range from SQL-injection, XSS and deep linking to item protection and many other categories as seen below.

When user clicks on an area on the chart, the tool gives an easy access to a more detailed view about found vulnerabilities:

If it is not known why something was considered to be a vulnerability, the tool provides, in most cases, extra information on the vulnerability:

Additionally, if you develop any software or web applications at CERN, you are strongly encouraged to attend free "Developing secure software" course. The last part of the course is dedicated to Web application security: typical vulnerabilities are demonstrated, and ways to avoid them are discussed.

Some other materials worth having a look: