The book presents a hands-on approach to securing Apex applications. The book is split into four sections, three cover the main classes of threat faced by web applications and the forth covers an Apex-specific protection mechanism. Within each section the various areas in Apex that can be vulnerable are presented with a walkthrough guide that shows how developers can create applications that can be attacked. These attacks are demonstrated to equip developers with some of the skills used by hackers, and then the mitigation steps are explained to ensure developers can correctly protected their own sites. Access-Control -- Issues that can arise that lead to data disclosure problems in Apex applications. Cross-Site Scripting -- The most common class of vulnerability that allows attackers to invoke actions on behalf of other users. SQL Injection -- In several areas Apex leads developers to write vulnerable PL/SQL that can lead to disclosure of sensitive data and ultimately compromise of the underlying database. Item Protection -- A feature provided by Apex that is often misunderstood and applied incorrectly.