I’m just about finished with the ApexNinja blogging platform (v2) that I plan on releasing together with all the sources somewhere next week. Fortunately I met up with security experts Tim and Nathan from Recx (http://www.recx.co.uk/) during the UKOUG APEX SIG Meeting in London, where I did a presentation on APEX Printing Techniques (http://www.ukoug.org/events/5642-apex-sig-meeting/). And these guys, being really friendly and awesome, offered to use their APEX security analysis tool to check out my blog platform, before I release it on the wild and cause all its potential users some serious harm.
Long story short, after they sent me the security report, I realized there are some security best practices for developing APEX applications that I haven’t really followed and generated some vulnerabilities in my applications. And also understood why a tool like ApexSec is a must-have for every APEX development team, no matter how experienced it (thinks it) is.
First of all, you can find all the details about the ApexSec Security Console here: https://secure.recx.co.uk/apexsec/index.jsp. Although this is not a free application, Recx does offer free analysis by uploading the sources of your APEX app to Recx’s online interface here: https://secure.recx.co.uk/apexsec/upload.jsp. You will get back an HTML report together with an XML project, that you can upload and drill down more easily in the security report, by downloading the free version of the Apex Security Console, here: https://secure.recx.co.uk/apexsec/download.jsp?code=free. For paid subscriptions, you don’t need to submit your precious apps to Recx, instead the tool can connect directly to your database and generate the security reports from there.
Just to give you an idea on how the application looks like, here’s a screenshot: