Monday, 10 April 2023

APEX Security - APEX SERT 22.2 download

APEX Security - APEX SERT 22.2

Free and easy security scanning tool for your APEX apps

This time just a quick notice.... there is a new version of APEX SERT for APEX 22.2 available for download.

Anyone who is on APEX 22.2 version this is SERT version for you.

I also updated my original APEX SERT post with the same link. 

Install, share and provide feedback ;)

Happy APEXing,


Thursday, 9 March 2023

APEX security - How to use APEX SERT

APEX SERT first run

How to run first security scan using APEX SERT?

If you read my previous post your should be in solid place now where you are able to start APEX SERT for the first time. 

How do we do this? There is not much we need to do except log in into our APEX workspace.

Assuming here your installation worked, you should see a new link in your Application Builder.

Magic is that during an installation a special message is seeded on system level so that all developers should get this link once they login. 

If you simply click APEX SERT link it should spin up another tab with APEX SERT application. 

This means that you are all set to run your first security scan. Select an application and click Evaluate button. 

This is where all the fun begins!!!!!! 

Once this process is over you will be redirected to a dashboard. This is a place where we start reviewing all 'not so good' things in your app code.

Point is we need to get this score in the left side to be 100%. 

There is many ways and things we need to do before this will happen which includes reviewing all problematic places, changing your apps and re-running the evaluations. So have fun and hope you will learn how to make your apps more secure. ;)

Happy APEXing,


Monday, 6 March 2023

Lets talk APEX Security - APEX SERT

APEX SERT installation notes

How to start using APEX SERT?

This time we will take a look at how to get APEX SERT installed and running. 

In its essence it should only come own to one script and you are ready to start using it.

If you downloaded installation scripts regardless of what version of APEX you are on you have be be aware that these versions must match each other. 

Meaning if you are running APEX 21.2 then you should install APEX SERT 21.2 and not any other. Why is this we will come to it later on? Point is that SERT simply will not run. Of course there is a way to tweak things and make it work but I am guessing we do not want lose time and want to get things going. 

Lets look at installation and how easiest to do this?

Download matching SERT version and unzip it somewhere. Find and open ins_auto_setup.sql 

This is the script I would recommend you to use, the only difference from ins.sql is that it will not prompt you anything so you can run it as one click install. At least that was the idea. 

In here you will notice this section

which is trying to explain all parameters we can provide as an input. Most are self explanatory.

There is a section with a basic example how you could call this script 

If you closer it will require of you to provide a sysadmin password, why is this? 

It will as part of the installation try to create users with a special access to some of APEX internal tables. In order to do this it needs to have admin privilege otherwise it would not work. Is this the best way to go or not is now out of scope for this blog post. ;)

Last section we need to be aware of is this one

As you can see here there are references to APEX versions etc.... 

Okay now you should be ready to install APEX SERT. If you execute the script and it all works for you should get few new schemas installed. 

Looking at them in top to bottom order.... 

  • SV_SERT_XXXXXX is a schema is the brain and all what APEX SERT does. All configs and everything is stored here in its tables
  • SV_SERT_APEX is a layer that has read access to SV_SERT_XXXXXX schema
  • SV_SERT_LAUNCHER is a special schema that holds up a REST API call which will actually start your APEX SERT application

With this quick fly-through of how installation looks like we can start scanning our apps for any security wholes. 

We will look at the first APEX SERT run in the next post.

Happy APEXing,