Research, develop, consult and educate





Products

Over time, Recx formalises some of its techniques and processes into products. Some of these are offered on a commercial basis; others are given away free to the community. Unlike the downloads offered on our research page, these are formally developed and supported rather than proofs of concept.

Oracle Application Express

ApexSec Desktop

Secures your Oracle Application Express (APEX) applications by scanning the application's code for vulnerabilities. Ideally used during the development cycle, or alternatively during QA testing. ApexSec can help you quickly identify weaknesses without the specific knowledge of a security expert. ApexSec is today deployed by both commercial and government customers as part of their software sign-off process.

ApexSec Portal

Our hosted, low-cost SaaS solution aimed at both independent developers and contractors. Using our world-leading ApexSec engine, we can scan the applications you upload and provide both summary and detailed analysis. Includes statistics and a management overview, as well as trends over time for multiple applications.

ApexSec Private Portal

A dedicated ApexSec portal instance running within your environment. Using our world-leading ApexSec engine and an interface customised to your requirements, you can gain an immediate view of the security of your APEX applications. Identify trends over time, schedule regular assessments and empower your development team with security metrics.


"ApexSec will give SkillBuilders customers immediate access to the industry leading APEX security tool, the tool used and lauded by Oracle's internal APEX development team" - David Anderson, Founder and President of SkillBuilders


Tools

Binary Assurance for Windows

A product designed for developers, quality assurance and security professionals wishing to gain insight into the SDL assurance level of Windows binaries where source code is not available. With its easy-to-use interface and advanced automation, it can quickly identify binaries which do not follow Microsoft best practices.

It allows detailed inspection of a binary's internals, highlighting which security and compiler options have been enabled. This allows deployment teams to quickly identify areas where optimal defences have not been deployed, as well as giving researchers direction into components that can be more easily exploited.


"Straight from your (excellent) presentation: please send me your cool tool." - Audience, Source Boston


Software Plugins

GPS Image Forensics for Maltego

A commercial set of local Maltego transforms designed for forensics or case investigators who have to work with photographic images. The transforms allow a local repository of images to be interrogated and the power of Maltego leveraged for effective relationship identification. GPS data can be extracted and then analysed using existing Maltego transforms to produce address or broader town-level locations. Alternatively, our local transforms can be used to search for images taken in a specific location.

HTTP Header and Cookie Security Analyser

A free Google Chrome web browser extension to inspect the security aspects of a site's HTTP headers and its cookies. This extension is designed for web developers and quality assurance testers who are not security experts. All explanations are easy to understand, with links to further information for the issues identified.


"A one-stop shop for a variety of web-development security checks." - Royce Williams


Books

Hands-On Oracle Application Express Security

Taking a critical approach, this book shows you the correct ways to implement your Oracle APEX applications to ensure that they are not vulnerable to a range of different attacks.

Real-world examples of a variety of security vulnerabilities demonstrate attacks and show the techniques and best practices for making your applications secure.

Software Security Austerity

In this eBook, we introduce the concept and risk of software security debt. We then review the types and sources of debt before discussing how it can build up when using a risk-assessment-based approach to prioritisation.


"(Hands-On Oracle Application Express Security) is a mandatory read for all APEX team leads and developers who work with sensitive data." - Amazon Book Review