Security

Oracle Application Express provides a number of security features to harden application development and runtime security. Administrators can configure both the Application Express instance and related applications to require the HTTPS protocol, which uses Secure Sockets Layer (SSL). They can also define password complexity rules and reuse policies.

Application developers can enable Session State Protection, which incorporates checksums within the URL to prevent tampering and unauthorized access. They can also ensure that only necessary data is saved in session state; when that information is sensitive (for example, an SSN), the value can be encrypted so that it cannot be read outside of the application.
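
A sketch of the idea behind checksummed URLs, added here as an illustration and not Oracle's implementation: the HMAC-SHA256 construction, the key, and the helper names are assumptions, and only the colon-separated `f?p=` layout and the `cs` parameter follow Application Express URL syntax. It shows that changing an item value, replaying the URL in another session, or stripping the checksum all cause rejection.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed demo key (assumption); a real server keeps its key out of source.
SECRET = b"constructed-demo-key"


def _mac(session_id: str, fp_value: str) -> bytes:
    """Keyed checksum over the f?p value, bound to one session (assumed scheme)."""
    msg = f"{session_id}|{fp_value}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def sign_url(app: int, page: int, session_id: str, items: dict) -> str:
    """Build an f?p URL that sets page items, then append its checksum as cs."""
    values = [str(v) for v in items.values()]
    if any(ch in text for text in [*items, *values] for ch in ":,"):
        raise ValueError("item names and values must not contain ':' or ','")
    fp = f"{app}:{page}:{session_id}::NO::{','.join(items)}:{','.join(values)}"
    return f"f?p={fp}&cs={_mac(session_id, fp).decode()}"


def verify_url(url: str, session_id: str) -> dict:
    """Return the item assignments if the checksum matches, else raise."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fp = query.get("p", [""])[0]
    cs = query.get("cs", [""])[0]
    # Constant-time compare; a missing checksum fails the same way as a bad one.
    if not hmac.compare_digest(cs.encode(), _mac(session_id, fp)):
        raise PermissionError("checksum mismatch: URL rejected")
    names, values = fp.split(":")[6:8]
    return dict(zip(names.split(","), values.split(","))) if names else {}


if __name__ == "__main__":
    url = sign_url(100, 2, "555", {"P2_EMPNO": 7369})  # constructed values
    print(url)
    print(verify_url(url, "555"))
    try:
        verify_url(url.replace(":7369&", ":7839&"), "555")  # edited item value
    except PermissionError as exc:
        print("rejected:", exc)
```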

Authentication is used to determine if a user is allowed to access an application. Unless an application is public, where no authentication is required, end users must specify a username and password to gain access. Oracle Application Express provides a number of built-in authentication schemes including:

  • Oracle Application Express Managed Users
  • Single Sign On
  • Database Account Credentials
  • Custom schemes

Custom schemes can also be used that interface with just about any authenticatio