Research, develop, consult and educate
Products
Recx over time formalises some of its techniques and process into formal products, some of these are offered on a commercial basis, others are given away free to the community. As opposed to the downloads offered on our research page, these are formally developed and supported rather than proofs of concept.
Oracle Application Express
ApexSec Desktop
Secures your Oracle Application Express (APEX) applications by scanning the application's code looking for vulnerabilities. Ideally used during the development cycle or alternatively during QA testing. ApexSec can help you quickly identify weaknesses without the specific knowledge of a security expert. ApexSec is today deployed by both commercial and Government customers as part of their software sign-off process.
ApexSec Portal
Our hosted low-cost SaaS solution aimed at both independent developers and contractors. Using our world leading ApexSec engine we can scan the applications you upload and provide both summary and detailed analysis. Includes statistics and a management overview as well as trends over time for multiple applications.
ApexSec Private Portal
A dedicated ApexSec portal instance running within your environment. Using our world leading ApexSec engine and an interface customised to your requirements, you can gain an immediate view of the security of your APEX applications. Identify trends over time, schedule regular assessments and empower your development team with security metrics.
"ApexSec will give SkillBuilders customers immediate access to the industry leading APEX security tool, the tool used and lauded by the Oracle's internal APEX development team" - David Anderson, Founder and President of SkillBuilders
Tools
Binary Assurance for Windows
A product designed for developers, quality assurance and security professionals wishing to gain insight into the SDL assurance level of Windows binaries where source code is not available. With its easy to use interface and advanced automation it can quickly ascertain binaries which do not follow Microsoft best practices.
It allows detailed inspection of a binaries internals, highlighting which security and compiler options have been enabled. This allows deployment teams to quickly identify areas where optimal defences have not been deployed; as well as giving researchers direction into components that can be more easily exploited.
"Straight from your (excellent) presentation: please send me your cool tool." - Audience, Source Boston
Software Plugins
GPS Image Forensics for Maltego
A commercial set of local Maltego transforms designed for forensics or case investigators, who have to work with photographic images. The transforms allow a local repository of images to be interrogated and the power of Maltego leveraged for effective relationship identification. GPS data can be extracted, and then analysed using existing Maltego transforms to produce address or broader town level locations. Alternatively our local transforms can be used to search for images taken in a specific location.
HTTP Header and Cookie Security Analyser
A free Google Chrome web browser extension to inspect the security aspects of a site's HTTP headers and its cookies. This extension is designed for web developers and quality assurance testers who are not security experts. All explanations are easy to understand with links to further information for the issues identified.