
Fortifying Oracle APEX Applications: A Comprehensive Framework for Multi-Factor Authentication Implementation

Author: Ashraf Syed
Publisher: Zenodo
DOI: 10.5281/zenodo.17671005
Source: https://zenodo.org/records/17671005/files/FORTIFYING-ORACLE-APEX-APPLICATIONS-A-COMPREHENSIVE-FRAMEWORK-FOR-MULTI-FACTOR-AUTHENTICATION-IMPLEMENTATION.pdf
International Journal of Core Engineering & Management
Volume-7, Issue-11, 2024 ISSN No: 2348-9510
FORTIFYING ORACLE APEX APPLICATIONS: A COMPREHENSIVE
FRAMEWORK FOR MULTI-FACTOR AUTHENTICATION IMPLEMENTATION
Ashraf Syed
maverick.ashraf@gmail.com
Abstract
Multi-Factor Authentication (MFA) has emerged as a critical security mechanism to safeguard
web applications against unauthorized access. Oracle Application Express (APEX) provides a
robust platform for developing secure, scalable applications, but its authentication
mechanisms require enhancement to meet modern cybersecurity challenges. This article explores
the implementation of MFA in Oracle APEX applications, detailing the types of MFA,
integration strategies with APEX authentication schemes, and their benefits and limitations.
The study details MFA types (token-based, biometric, push notification, and smart card) and
their integration with APEX authentication schemes, including SSO and custom solutions. The
study evaluates the effectiveness of MFA in preventing credential-based attacks compared to
traditional security question verifications. Results indicate that MFA significantly enhances
security, though challenges such as user adoption and integration complexity persist. Future
trends, including AI-driven dynamic MFA, are discussed to provide a forward-looking
perspective. This article contributes to the scholarly discourse by offering a comprehensive
framework for implementing MFA in Oracle APEX, supported by empirical analysis and
practical recommendations.
Keywords: Multi-Factor Authentication, Oracle APEX, Cybersecurity, Authentication Schemes,
Adaptive Authentication, Biometric Authentication, Token-Based Authentication, Security
Questions, Application Security.
I. INTRODUCTION
In the era of escalating cyber threats, securing web applications has become an imperative for
organizations worldwide. According to projections from 2023, global cybercrime costs were
expected to reach $8 trillion annually, marking a significant increase from previous years. This
staggering figure underscores the urgency for robust security measures in digital ecosystems.
Oracle Application Express (APEX), a low-code development platform, is extensively utilized
for rapid application development in enterprise settings, enabling developers to create scalable
and feature-rich applications with minimal coding [1]. However, the platform's inherent
security features, while comprehensive, must evolve to counter sophisticated attacks such as
phishing, credential stuffing, and ransomware, which have proliferated in recent years [2].
MFA emerges as a pivotal defense mechanism, mandating multiple verification factors to
authenticate users, thereby drastically mitigating the risk of unauthorized access [3].
An alarming rise in breaches characterizes the contemporary threat landscape. Reports from
2023 indicate that 25,081 vulnerabilities were disclosed in 2022, with expectations of further
increases, and a high percentage of web applications remaining vulnerable to attacks.
Furthermore, 74% of breaches involve the human element, including errors like weak password
practices. Traditional single-factor authentication, predominantly reliant on passwords, is
inherently flawed due to its susceptibility to compromise through social engineering or brute-
force attacks [4]. In contrast, MFA integrates factors such as something the user knows
(password), something they have (token or device), and something they are (biometrics),
blocking over 99.9% of account compromise attempts as evidenced by Microsoft research in
2019.
The MFA process typically involves an initial login with a password, followed by a second
factor, such as an OTP sent to a mobile device or a biometric scan. This layered approach
ensures that even if one factor is compromised, access is not granted. Different types of MFA
include token-based (hardware or software tokens), biometric (fingerprint or facial recognition),
and push-based (app notifications). Each type offers varying levels of security and usability,
with biometric providing high security but potential privacy concerns.
Oracle APEX offers a suite of authentication schemes, including built-in APEX authentication,
Oracle Database credentials, LDAP integration, and Single Sign-On (SSO) protocols like
OAuth2 and SAML, which can be customized to incorporate MFA [5]. For instance, integrating
with Oracle Identity and Access Management (IAM) enables MFA using authenticator apps or
hardware tokens. This integration is crucial for APEX applications, as it addresses the platform's
limited native MFA support, often requiring third-party services like Okta or Microsoft Azure
Entra ID for enhanced protection. The benefits of MFA extend beyond mere access control; it
significantly reduces the impact of phishing attacks, with studies showing high effectiveness in
preventing unauthorized logins.
However, MFA is not without limitations, including user inconvenience from additional steps
and potential costs of implementation. Despite these, it is superior to security question
verifications, which are prone to guessing or social engineering since answers can be researched
or shared.
This article proposes a novel adaptive MFA framework for Oracle APEX, where authentication
stringency adapts dynamically based on contextual risk factors, such as geolocation, device
fingerprinting, and behavioral anomalies. This approach not only bolsters security but also
optimizes user experience by minimizing unnecessary verifications in low-risk scenarios.
The study delineates the superiority of MFA over antiquated methods like security question
verifications, which are prone to predictability and exploits. The objectives of this research are
multifaceted: (1) to dissect various MFA types and their compatibility with APEX
environments, (2) to outline a detailed methodology for integrating MFA with adaptive
elements, and (3) to empirically evaluate the framework's benefits, limitations, and performance
metrics. Through a proof-of-concept implementation and simulated testing, the article provides
actionable insights for developers.
Structured comprehensively, the paper proceeds with a background and literature review,
followed by an exposition on authentication types in APEX, the proposed methodology, results
and discussions, future trends including AI-driven enhancements, and a conclusive synthesis.
This scholarly endeavor aims to bridge gaps in existing APEX security literature, fostering more
resilient web application development practices in an increasingly hostile digital landscape.
II. BACKGROUND AND RELATED WORK
The rapid evolution of cyber threats has necessitated a shift from traditional password-based
systems to more robust authentication mechanisms. Passwords, once the cornerstone of digital
security, are increasingly vulnerable due to their susceptibility to phishing, brute-force attacks,
and credential theft [3]. MFA addresses these vulnerabilities by requiring multiple independent
factors for verification: something you know (e.g., a password), something you have (e.g., a
token or smartphone), and something you are (e.g., biometric data like fingerprints or facial
recognition) [4]. Research consistently demonstrates that MFA reduces the risk of account
compromise by over 99% compared to passwords alone, as it significantly raises the bar for
attackers even if one factor is compromised [8].
In the context of Oracle Application Express (APEX), a low-code platform for building web
applications, authentication is managed through a variety of schemes, including built-in APEX
authentication, Oracle Database credentials, LDAP integration, and SSO protocols such as
OAuth2 and SAML [9]. These schemes provide flexibility but lack native MFA support, often
requiring developers to integrate third-party identity providers or custom solutions [11].
Oracle’s official documentation highlights the extensibility of APEX authentication schemes,
noting their compatibility with external systems but also their limitations in providing out-of-
the-box MFA capabilities [2]. This gap has driven research and practical implementations to
enhance APEX security.
Scholarly literature underscores MFA’s critical role in modern cybersecurity. A 2022 study by
Gao et al. in PEARC ’20 explores token-based MFA, emphasizing its effectiveness in thwarting
phishing attacks by requiring time-sensitive one-time passwords (OTPs) [13]. However, the
book by Grimes also notes vulnerabilities, such as SMS-based OTP interception, highlighting
the need for more secure delivery methods like authenticator apps [14]. Similarly, LienChi-Wei
in ACM Computing Surveys (2023) examines biometric authentication, praising its high
security but cautioning against challenges like false positives and the need for specialized
hardware [15]. These findings are particularly relevant for APEX applications, where hardware
constraints may limit biometric adoption in certain environments.
Security questions, a traditional alternative to MFA, have been widely criticized for their
weaknesses. Rabkin’s article in the 2021 ACM Other conferences details how users often select
predictable answers, making security questions susceptible to social engineering and data
mining from social media [16]. A blog by Komenda in 2024 further reinforces this, noting that
security questions fail in practice due to user behavior, recommending MFA as a more reliable
alternative [17]. In contrast, MFA’s multi-layered approach offers robust protection, though it
introduces challenges such as user resistance due to added authentication steps and integration
complexity with legacy systems [18].
A blog post by Mulvaney outlines the integration of Okta for MFA in APEX, leveraging SSO to
enable token-based and push notification MFA [19]. Similarly, the Oracle Cloud Infrastructure
documentation demonstrates the use of authenticator apps for MFA, highlighting the feasibility
of custom implementations in APEX [20]. These resources emphasize the need for third-party
identity providers like Okta or Microsoft Azure Entra ID to bridge the gap in native MFA
support [11]. A blog post by Herwix on Identity and Access Management (IAM) further details
how to configure MFA using authenticator apps or hardware tokens, offering a standardized
approach for enterprise applications [10].
Recent research also explores emerging trends relevant to APEX. A 2023 systematic review in
the Digital Health journal examines MFA in the Internet of Healthcare Things (IoHT),
highlighting its applicability in sensitive domains where data security is paramount [21]. The
article by Almadani et al. discusses token-based and biometric MFA, noting privacy concerns
and the need for user-friendly designs. This article explores blockchain-based MFA, suggesting
that decentralized verification could enhance security for web applications [22]. These studies
underscore the versatility of MFA but also highlight integration challenges, particularly in
platforms with limited native support.
Adaptive authentication, a key component of the proposed framework, is gaining traction. A
2023 IEEE article by Misbahuddin et al. discusses how machine learning can analyze contextual
factors like IP address, login time, and user behavior to dynamically adjust authentication
requirements [23]. This approach aligns with the zero-trust security model, which assumes no
user or device is inherently trustworthy [24]. Adaptive authentication could optimize user
experience by requiring MFA only in high-risk scenarios, a concept explored by Ryu et al. in an
article published by ICT Express [25].
Furthermore, a study by Grabatin et al., published in the ACM Digital Library, highlights user
adoption challenges, noting that complex MFA processes can lead to frustration, particularly in
non-technical user bases [18]. Cost is another concern, as biometric systems require specialized
hardware, and third-party services like Okta incur subscription fees [19]. Despite these
challenges, MFA’s benefits, such as compliance with standards like NIST 800-63B and reduced
breach risks, make it a superior choice over security questions [24].
This article builds on these insights by proposing a novel adaptive MFA framework for Oracle
APEX, addressing gaps in seamless integration and user experience. By synthesizing scholarly
research, industry blogs, and Oracle documentation, this section establishes a foundation for the
proposed methodology, emphasizing the need for a balanced approach that enhances security
while maintaining usability.
III. TYPES OF MULTI FACTOR AUTHENTICATIONS
MFA enhances security by requiring multiple verification factors, significantly reducing the risk
of unauthorized access. In Oracle Application Express (APEX), implementing MFA is critical
due to the platform’s widespread use in enterprise applications and its exposure to
sophisticated cyber threats [2]. This section explores the primary types of MFA: token-based,
biometric, push notification, and smart card authentication, focusing on their characteristics,
benefits, limitations, and relevance to Oracle APEX integration.
A. TOKEN-BASED MFA
Token-based MFA involves generating one-time passwords (OTPs) delivered via SMS, email, or
authenticator apps like Google Authenticator or Microsoft Authenticator. This method is widely
adopted due to its low cost and ease of implementation [13]. In APEX, token-based MFA can be
integrated using SSO with identity providers like Okta or Oracle Identity and Access
Management (IAM) [10]. For instance, Okta’s SSO integration allows APEX applications to
prompt users for an OTP after entering their credentials, leveraging APIs to validate the code
[19]. The primary benefit is its accessibility, as most users own smartphones capable of receiving
OTPs. However, SMS-based OTPs are vulnerable to interception through SIM swapping or
phishing, making app-based authenticators a more secure option [14]. In APEX, token-based
MFA is suitable for applications with moderate security requirements, as it balances cost and
protection.
B. BIOMETRIC MFA
Biometric MFA utilizes physiological or behavioral traits, such as fingerprints, facial
recognition, or voice patterns, to verify identity [15]. This method offers high security due to the
uniqueness of biometric data, making it difficult for attackers to replicate. In APEX, biometric
MFA can be implemented through custom authentication schemes, where APIs integrate with
device-based biometric systems or third-party providers like Microsoft Azure Entra ID [11]. For
example, an APEX application can use a mobile device’s fingerprint scanner as a second factor
after password entry, leveraging OAuth2 protocols for secure communication. The advantage is
enhanced security, as biometrics are harder to steal than passwords or tokens. However,
limitations include the need for compatible hardware, potential privacy concerns, and false
positives due to environmental factors like lighting for facial recognition [15]. In APEX,
biometric MFA is ideal for high-security applications but may be impractical for users without
biometric-enabled devices.

C. PUSH NOTIFICATION MFA
Push Notification MFA sends authentication requests to a user’s registered device, typically a
smartphone, requiring approval via an app like Okta Verify or Duo Mobile [29]. This method is
user-friendly, as it eliminates the need to manually enter codes, and secure, as it relies on
encrypted communication. In APEX, push notification MFA can be integrated through SSO
schemes, where the identity provider sends a push notification after the user enters their
credentials. For instance, Oracle IAM can be configured to send push notifications to a user’s
device, which they approve to gain access [10]. The benefit is a seamless user experience, with
studies showing a 20% increase in user satisfaction compared to token-based methods [18].
However, it requires users to have a registered device and a stable internet connection, which
may pose challenges in remote or low-connectivity environments. In APEX, push notification
MFA is well-suited for enterprise applications where usability is a priority.
D. SMART CARD MFA
Smart Card MFA involves physical cards with embedded chips that store cryptographic keys,
requiring users to insert the card into a reader or use NFC-enabled devices [24]. This method
offers very high security, as the physical card is difficult to duplicate, making it suitable for
high-risk environments like financial or government applications. In APEX, smart card MFA
can be integrated through custom authentication schemes, where the application validates the
card’s credentials via a secure API. For example, a smart card can be paired with Oracle
Database authentication to verify user identity [27]. The primary limitation is low usability, as
users must carry a physical card, and implementation costs are high due to hardware
requirements. In APEX, smart card MFA is less common but viable for organizations with
stringent security needs.
Integrating these MFA types with APEX authentication schemes enhances security but requires
careful consideration of the platform’s architecture. APEX’s built-in authentication is limited,
necessitating third-party identity providers for robust MFA implementation [2]. SSO schemes
with OAuth2 or SAML protocols are particularly effective, as they allow seamless integration
with providers like Okta or Azure Entra ID [29]. Custom authentication schemes offer flexibility
for advanced MFA types, such as biometrics, but require significant development effort [19].
Figure 1 illustrates the integration architecture, showing how MFA factors interact with APEX
authentication schemes.
Figure 1: MFA Architecture in APEX Authentication Schemes with Third Party Providers
TABLE I. MFA TYPES FOR APEX INTEGRATION
MFA Type             Security Level   Usability   Integration Complexity   Cost
Token-Based          High             Moderate    Low                      Low
Biometric            Very High        High        High                     High
Push Notifications   High             High        Moderate                 Moderate
Smart Cards          Very High        Low         High                     High
MFA’s superiority over security questions lies in its multi-layered approach, which mitigates
risks from predictable or easily researched answers [16]. In APEX, selecting the appropriate
MFA type depends on the application’s security requirements, user base, and infrastructure
capabilities.
IV. METHODOLOGY
The proposed methodology for implementing MFA in Oracle Application Express (APEX)
applications is designed to enhance security while maintaining usability by integrating MFA
with existing authentication schemes. This approach addresses the platform’s limited native
MFA support by leveraging third-party identity providers and custom solutions, including local
email-based OTP verification. The methodology is structured into four phases: requirement
analysis, authentication scheme selection, MFA integration, and testing and deployment. Each
phase is carefully designed to ensure robust security, seamless integration, and minimal user
friction, with detailed technical steps for implementation.
A. REQUIREMENT ANALYSIS
The initial phase involves a comprehensive assessment of the application’s security
requirements, user demographics, and infrastructure capabilities. This step determines the
suitable MFA types and integration strategies. For example, biometric MFA requires devices
with fingerprint scanners or facial recognition capabilities, which may not be available to all
users [15]. The sensitivity of the application’s data is evaluated; financial or healthcare
applications may demand high-security MFA types like biometrics or smart cards, while less
sensitive applications may use token-based or email-based OTPs [2]. User characteristics, such
as technical proficiency and device ownership, are analyzed to ensure accessibility.
Infrastructure constraints, including network reliability and existing identity management
systems, are assessed for compatibility with third-party providers like Twilio for SMS/email
OTPs or Okta for SSO-based MFA [10]. Stakeholder consultations align security objectives with
business needs, ensuring the MFA solution balances protection and usability.
B. AUTHENTICATION SCHEME SELECTION
Selecting an appropriate APEX authentication scheme is crucial for effective MFA integration.
APEX supports built-in APEX authentication, Oracle Database authentication, LDAP, SSO, and
custom authentication [9]. SSO schemes, using OAuth2 or SAML protocols, are preferred for
third-party MFA integration with providers like Okta or Microsoft Azure Entra ID due to their
robust MFA capabilities [29]. Custom authentication schemes offer flexibility for local MFA
implementations, such as email-based OTPs or advanced types like biometrics, but require
more development effort [19]. Oracle Database authentication can be extended with triggers to
support MFA, while LDAP integrates with directory services like Active Directory [27, 28]. The
selection considers scalability for enterprise applications and compatibility with chosen MFA
types. For instance, email-based OTPs are suitable for custom authentication, while push
notifications align with SSO schemes [11]. This phase ensures the authentication scheme
supports the application’s security and performance needs.
C. MFA INTEGRATION
This phase focuses on integrating MFA types with the selected authentication scheme,
leveraging both third-party services and local APEX capabilities. For third-party integration,
services like Twilio are used for token-based MFA via SMS or email. The integration involves
configuring REST API calls to Twilio’s messaging or email services (e.g., SendGrid, acquired by
Twilio) to send OTPs. Below is an example PL/SQL code snippet for sending an OTP via
Twilio’s REST API within an APEX application:
DECLARE
  l_url         VARCHAR2(4000) := 'https://api.twilio.com/2010-04-01/Accounts/YOUR_ACCOUNT_SID/Messages.json';
  l_wallet_path VARCHAR2(100)  := 'file:/path/to/wallet';
  l_wallet_pass VARCHAR2(100)  := 'wallet_password';
  l_response    CLOB;
  -- Generate 6-digit OTP from the database CSPRNG (needs EXECUTE on DBMS_CRYPTO).
  -- DBMS_RANDOM is not cryptographically secure, and DBMS_RANDOM.STRING has no
  -- numeric option: 'N' falls back to uppercase letters.
  l_otp         VARCHAR2(6) :=
    LPAD(MOD(TO_NUMBER(RAWTOHEX(DBMS_CRYPTO.RANDOMBYTES(4)), 'XXXXXXXX'), 1000000), 6, '0');
BEGIN
  -- Store OTP in APEX application item
  APEX_UTIL.SET_SESSION_STATE('F_OTP', l_otp);
  -- Configure HTTP request to Twilio.
  -- BASE64_ENCODE wraps long output with CRLF, so strip it to keep the header on one line.
  APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).name  := 'Authorization';
  APEX_WEB_SERVICE.G_REQUEST_HEADERS(1).value := 'Basic ' ||
    REPLACE(UTL_RAW.CAST_TO_VARCHAR2(UTL_ENCODE.BASE64_ENCODE(UTL_RAW.CAST_TO_RAW(
      'YOUR_ACCOUNT_SID:YOUR_AUTH_TOKEN'))), CHR(13) || CHR(10));
  -- Make REST API call to send OTP via SMS.
  -- p_parm_name and p_parm_value take VC_ARR2 collections, not delimited strings.
  l_response := APEX_WEB_SERVICE.MAKE_REST_REQUEST(
    p_url         => l_url,
    p_http_method => 'POST',
    p_wallet_path => l_wallet_path,
    p_wallet_pwd  => l_wallet_pass,
    p_parm_name   => APEX_UTIL.STRING_TO_TABLE('To:From:Body'),
    p_parm_value  => APEX_UTIL.STRING_TO_TABLE('+1234567890:+YOUR_TWILIO_NUMBER:Your OTP is ' || l_otp)
  );
  -- Log response for debugging
  DBMS_OUTPUT.PUT_LINE(l_response);
EXCEPTION
  WHEN OTHERS THEN
    DBMS_OUTPUT.PUT_LINE('Error: ' || SQLERRM);
END;
This code generates a 6-digit OTP, stores it in an APEX application item (F_OTP), and sends it
via Twilio’s SMS API. The API requires an Account SID and Auth Token, configured securely in
the APEX wallet. For email-based OTPs, a similar approach uses Twilio’s SendGrid API:
DECLARE
  l_url         VARCHAR2(4000) := 'https://api.sendgrid.com/v3/mail/send';
  l_wallet_path VARCHAR2(100)  := 'file:/path/to/wallet';
  l_wallet_pass VARCHAR2(100)  := 'wallet_password';
  l_response    CLOB;
  -- 6-digit OTP from the database CSPRNG (needs EXECUTE on DBMS_CRYPTO);
  -- DBMS_RANDOM.STRING('N', 6) would return uppercase letters, not digits.
  l_otp         VARCHAR2(6) :=
    LPAD(MOD(TO_NUMBER(RAWTOHEX(DBMS_CRYPTO.RANDOMBYTES(4)), 'XXXXXXXX'), 1000000), 6, '0');
  l_json        CLOB;
BEGIN
  -- Store OTP in APEX application item
  APEX_UTIL.SET_SESSION_STATE('F_OTP', l_otp);
  -- Construct JSON payload for SendGrid
  l_json := '{
    "personalizations": [{"to": [{"email": "[email protected]"}]}],
    "from": {"email": "[email protected]"},
    "subject": "Your OTP for Login",
    "content": [{"type": "text/plain", "value": "Your OTP is ' || l_otp || '"}]
  }';
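The listings above keep the OTP itself in the F_OTP application item. The following added example, which is not code from the article, shows a server-side issue-and-verify pair that stores only a salted hash of the code together with an expiry and an attempt counter. The table mfa_otp_challenge, the functions issue_otp and verify_otp, the five-minute lifetime and the five-attempt limit are all assumptions made for the illustration.

```plsql
-- Added example. Hypothetical names: mfa_otp_challenge, issue_otp, verify_otp.
-- Assumes EXECUTE on DBMS_CRYPTO and Oracle Database 12c or later (HASH_SH256).
CREATE TABLE mfa_otp_challenge (
  username    VARCHAR2(255) PRIMARY KEY,
  salt        RAW(16)   NOT NULL,
  otp_hash    RAW(32)   NOT NULL,                  -- SHA-256(salt || code)
  expires_at  TIMESTAMP WITH TIME ZONE NOT NULL,   -- time zone kept so the expiry
                                                   -- check does not depend on session settings
  attempts    NUMBER(2) DEFAULT 0 NOT NULL
);

CREATE OR REPLACE FUNCTION issue_otp (p_username IN VARCHAR2) RETURN VARCHAR2
IS
  l_user VARCHAR2(255) := UPPER(p_username);
  l_salt RAW(16)       := DBMS_CRYPTO.RANDOMBYTES(16);
  l_code VARCHAR2(6);
  l_hash RAW(32);
BEGIN
  -- Four CSPRNG bytes reduced to six decimal digits.
  l_code := LPAD(MOD(TO_NUMBER(RAWTOHEX(DBMS_CRYPTO.RANDOMBYTES(4)), 'XXXXXXXX'), 1000000), 6, '0');
  -- Package constants cannot be referenced inside SQL, so hash in PL/SQL first.
  l_hash := DBMS_CRYPTO.HASH(UTL_RAW.CONCAT(l_salt, UTL_RAW.CAST_TO_RAW(l_code)),
                             DBMS_CRYPTO.HASH_SH256);
  -- One live challenge per user: issuing a new code invalidates the previous one.
  DELETE FROM mfa_otp_challenge WHERE username = l_user;
  INSERT INTO mfa_otp_challenge (username, salt, otp_hash, expires_at)
  VALUES (l_user, l_salt, l_hash, SYSTIMESTAMP + INTERVAL '5' MINUTE);
  RETURN l_code;   -- pass to the SMS or e-mail sender; do not log or persist it
END issue_otp;
/

CREATE OR REPLACE FUNCTION verify_otp (
  p_username IN VARCHAR2,
  p_code     IN VARCHAR2
) RETURN BOOLEAN
IS
  l_user VARCHAR2(255) := UPPER(p_username);
  l_row  mfa_otp_challenge%ROWTYPE;
  l_hash RAW(32);
BEGIN
  -- Lock the row so parallel guesses cannot race past the attempt counter.
  SELECT * INTO l_row
    FROM mfa_otp_challenge
   WHERE username = l_user
     FOR UPDATE;

  IF l_row.expires_at < SYSTIMESTAMP OR l_row.attempts >= 5 THEN
    DELETE FROM mfa_otp_challenge WHERE username = l_user;   -- expired or locked out
    RETURN FALSE;
  END IF;

  -- Hash only well-formed input; anything else leaves l_hash NULL and fails below.
  IF p_code IS NOT NULL AND REGEXP_LIKE(p_code, '^[0-9]{6}$') THEN
    l_hash := DBMS_CRYPTO.HASH(UTL_RAW.CONCAT(l_row.salt, UTL_RAW.CAST_TO_RAW(p_code)),
                               DBMS_CRYPTO.HASH_SH256);
  END IF;

  IF l_hash = l_row.otp_hash THEN
    DELETE FROM mfa_otp_challenge WHERE username = l_user;   -- single use
    RETURN TRUE;
  END IF;

  UPDATE mfa_otp_challenge SET attempts = attempts + 1 WHERE username = l_user;
  RETURN FALSE;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN FALSE;   -- no challenge outstanding for this user
END verify_otp;
/
```

The calling transaction has to commit after a failed verify_otp as well, otherwise the attempt counter is rolled back and the limit never triggers.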
4. OPEN-SOURCE INTEGRATION
Leveraging open-source MFA libraries, such as those supporting TOTP (Time-based One-Time
Password) algorithms, can reduce implementation costs and provide customizable solutions for
APEX applications [28]. These libraries can be integrated into custom authentication schemes to
support token-based MFA without third-party dependencies.
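The check that a TOTP library performs can also be written directly in PL/SQL for use inside a custom authentication scheme. The block below is an added example, not the article's code and not taken from any particular open-source library. The function names totp_code and totp_match_step, the one-step drift window and the assumption that each user's shared secret is stored already Base32-decoded as RAW are all illustrative.

```plsql
-- Added example. Hypothetical names: totp_code, totp_match_step.
-- Assumes EXECUTE on DBMS_CRYPTO and a per-user secret already Base32-decoded to RAW.
CREATE OR REPLACE FUNCTION totp_code (
  p_secret    IN RAW,
  p_unix_time IN NUMBER,
  p_digits    IN PLS_INTEGER DEFAULT 6,
  p_step      IN PLS_INTEGER DEFAULT 30
) RETURN VARCHAR2
IS
  l_counter RAW(8);
  l_mac     RAW(20);
  l_offset  PLS_INTEGER;
  l_bin     NUMBER;
BEGIN
  -- RFC 6238: the moving factor is the number of whole time steps since the
  -- Unix epoch, encoded as an 8-byte big-endian counter.
  l_counter := HEXTORAW(LPAD(TO_CHAR(FLOOR(p_unix_time / p_step), 'FMXXXXXXXXXXXXXXXX'), 16, '0'));
  l_mac     := DBMS_CRYPTO.MAC(l_counter, DBMS_CRYPTO.HMAC_SH1, p_secret);
  -- RFC 4226 dynamic truncation: the low nibble of the last byte selects a
  -- 4-byte window, whose top bit is cleared (MOD 2^31).
  l_offset  := MOD(TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(l_mac, 20, 1)), 'XX'), 16);
  l_bin     := MOD(TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(l_mac, l_offset + 1, 4)), 'XXXXXXXX'),
                   2147483648);
  RETURN LPAD(MOD(l_bin, POWER(10, p_digits)), p_digits, '0');
END totp_code;
/

-- Returns the time step the code matched, or NULL if the code must be rejected.
CREATE OR REPLACE FUNCTION totp_match_step (
  p_secret    IN RAW,
  p_code      IN VARCHAR2,
  p_last_step IN NUMBER,                  -- last step accepted for this user, NULL if none
  p_unix_time IN NUMBER DEFAULT NULL,     -- NULL means "now"
  p_window    IN PLS_INTEGER DEFAULT 1    -- steps of clock drift tolerated either side
) RETURN NUMBER
IS
  l_now   NUMBER := NVL(p_unix_time,
                        ROUND((CAST(SYS_EXTRACT_UTC(SYSTIMESTAMP) AS DATE)
                               - DATE '1970-01-01') * 86400));
  l_step  NUMBER;
  l_match NUMBER;
BEGIN
  IF p_code IS NULL OR NOT REGEXP_LIKE(p_code, '^[0-9]{6}$') THEN
    RETURN NULL;
  END IF;
  FOR i IN -p_window .. p_window LOOP
    l_step := FLOOR(l_now / 30) + i;
    -- Replay guard: a step at or before the last accepted one is never accepted again.
    IF (p_last_step IS NULL OR l_step > p_last_step)
       AND totp_code(p_secret, l_step * 30) = p_code
    THEN
      l_match := l_step;
    END IF;
  END LOOP;
  RETURN l_match;   -- the caller stores this as the user's new last accepted step
END totp_match_step;
/

-- Self-test against the RFC 6238 Appendix B SHA-1 vectors (8-digit codes).
BEGIN
  IF totp_code(UTL_RAW.CAST_TO_RAW('12345678901234567890'), 59, 8) <> '94287082'
     OR totp_code(UTL_RAW.CAST_TO_RAW('12345678901234567890'), 1111111109, 8) <> '07081804'
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'TOTP self-test failed');
  END IF;
END;
/
```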
5. EXPLORATION OF ADAPTIVE AUTHENTICATION
Future research should focus on implementing adaptive authentication in APEX, using machine
learning to analyze contextual data and dynamically adjust MFA requirements. This could
involve developing plugins or Oracle AI Services to integrate risk-based logic seamlessly [27].
These recommendations align with the evolving cybersecurity landscape, emphasizing the need
for flexible, user-friendly, and robust authentication mechanisms. By adopting these strategies,
Oracle APEX developers can enhance application security, ensure compliance with standards
like NIST 800-63B, and prepare for future threats in an increasingly interconnected digital
ecosystem [24].
VII. CONCLUSION
The implementation of MFA in Oracle Application Express (APEX) applications represents a
pivotal advancement in bolstering web application security amid escalating cyber threats. This
article has comprehensively explored the integration of MFA types, such as token-based,
biometric, push notification, and smart card, with APEX authentication schemes, proposing a
novel methodology that addresses the platform's inherent limitations in native MFA support.
By leveraging third-party services like Twilio for SMS and email OTPs, and local APEX
functionalities such as APEX_MAIL for email-based verification, the framework ensures a
layered defense mechanism that significantly mitigates risks associated with single-factor
authentication, such as password vulnerabilities [7]. The empirical results from the simulated
enterprise environment underscore MFA's superiority, with success rates exceeding 95% in
preventing unauthorized access compared to a mere 65% for traditional security questions,
highlighting its efficacy in real-world scenarios [8], [16].
The benefits of MFA extend beyond security enhancement; they include improved user
satisfaction through user-friendly methods like push notifications and email OTPs, which
balance protection with usability [18]. Token-based MFA, in particular, offers accessibility and
cost-effectiveness, making it suitable for moderate-risk applications. At the same time, biometric
and smart card methods cater to high-security needs despite their hardware dependencies [15,
24]. However, the study also acknowledges limitations, such as integration complexity in
custom schemes and potential user resistance due to additional steps, which necessitate careful
planning and training [19]. These challenges, while notable, are outweighed by MFA's ability to
reduce breach risks by over 99%, as evidenced by industry research [8].

This research contributes to the scholarly discourse by providing a practical, step-by-step guide
for developers, complete with code snippets for REST API integrations and local OTP
verification, empowering them to implement robust MFA solutions in APEX. By adopting this
methodology, organizations can foster scalable, secure applications that comply with standards
like NIST 800-63B and adapt to evolving threats [24]. Looking ahead, future trends such as AI-
driven adaptive authentication and blockchain-based MFA promise to further revolutionize
APEX security, enabling dynamic risk assessment and decentralized verification [23, 22].
Developers are encouraged to prioritize hybrid models and open-source tools to mitigate costs
and enhance flexibility [4, 28]. Ultimately, this study paves the way for a more resilient digital
ecosystem, where APEX applications not only withstand current threats but also anticipate
future challenges, ensuring data integrity and user trust in an interconnected world.
ACKNOWLEDGMENT
The author would also like to disclose the use of the Grammarly (AI) tool solely for editing and
grammar enhancements.
REFERENCES
1. C. Magazine, “Cybercrime To Cost The World 8 Trillion Annually In 2023,” Cybercrime Magazine. Accessed: June. 20, 2024. [Online]. Available: https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/
2. Oracle, “Oracle APEX Release 22.2 - Oracle APEX Release 22.2,” Oracle Help Center. Accessed: June. 20, 2024. [Online]. Available: https://docs.oracle.com/en/database/oracle/apex/22.2/
3. N. Rahimi, "A Study of the Landscape of Security Issues, Vulnerabilities, and Defense Mechanisms in Web Based Applications," 2021 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 2021, pp. 806-811, doi: 10.1109/CSCI54926.2021.00194.
4. A. K. Nag, A. Roy and D. Dasgupta, "An Adaptive Approach Towards the Selection of Multi-Factor Authentication," 2015 IEEE Symposium Series on Computational Intelligence, Cape Town, South Africa, 2015, pp. 463-472, doi: 10.1109/SSCI.2015.75.
5. Intel 471, “Vulnerabilities Year-in-Review: 2023,” Website, Mar. 27, 2024. Accessed: June. 22, 2024. [Online]. Available: https://www.intel471.com/blog/vulnerabilities-year-in-review-2023
6. J. Peters, “Infosec Institute,” Infosec. Accessed: June. 20, 2024. [Online]. Available: https://www.infosecinstitute.com/resources/security-awareness/human-error-responsible-data-breaches/
7. I. Mannuela, J. Putri, Michael and M. S. Anggreainy, "Level of Password Vulnerability," 2021 1st International Conference on Computer Science and Artificial Intelligence (ICCSAI), Jakarta, Indonesia, 2021, pp. 351-354, doi: 10.1109/ICCSAI53272.2021.9609778.
8. M. Maynes, “One simple action you can take to prevent 99.9 percent of attacks on your accounts,” Microsoft Security Blog. Accessed: Jul. 7, 2024. [Online]. Available: https://www.microsoft.com/en-us/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/
9. A. Chatterjee, “Understanding Preconfigured Authentication Schemes,” Oracle Help Center. Accessed: June. 22, 2024. [Online]. Available: https://docs.oracle.com/en/database/oracle/apex/22.2/htmdb/preconfigured-authentication-schemes.html
10. T. Herwix, “Enabling Multi-Factor Authentication in APEX using Oracle Identity and Access Management,” TM-APEX, Feb. 02, 2024. Accessed: Jul. 5, 2024. [Online]. Available: https://tm-apex.hashnode.dev/enabling-multi-factor-authentication-in-apex-using-oracle-identity-and-access-management
11. M. Michel, “Using Authenticator Based MFA in Oracle APEX - The Cattle Crew Blog,” The Cattle Crew Blog - All about Digital Transformation, BI & Big Data, Cloud & Infrastructure, Software Development, BPM & Integration. Powered by OPITZ CONSULTING Deutschland GmbH. Accessed: Jul. 7, 2024. [Online]. Available: https://thecattlecrew.net/2023/10/11/38201/
12. R. Grimes, “Stop the Insanity: MFA Does Not Stop 99% of Attacks,” LinkedIn, Jun. 08, 2022. Accessed: June. 24, 2024. [Online]. Available: https://www.linkedin.com/pulse/stop-insanity-mfa-does-99-attacks-roger-grimes
13. Y. A. Gao, J. Basney, and A. Withers, “SciTokens SSH: Token-based Authentication for Remote Login to Scientific Computing Environments,” in PEARC ’20: Practice and Experience in Advanced Research Computing, Association for Computing Machinery, Jul. 2020, pp. 465–468. Accessed: June. 24, 2024. [Online]. Available: https://dl.acm.org/doi/10.1145/3311790.3399613
14. R. Grimes, “Access Control Token Tricks,” in Hacking Multifactor Authentication, Wiley, 2021, pp. 141–161. Accessed: Jul. 2, 2024. [Online]. Available: https://doi.org/10.1002/9781119672357.ch6.
15. LienChi-Wei, “Challenges and Opportunities of Biometric User Authentication in the Age of IoT: A Survey,” ACM Computing Surveys, vol. 56, no. 1, Aug. 2023.
16. A. Rabkin, “Personal knowledge questions for fallback authentication,” ACM Other conferences. Accessed: Jul. 2, 2024. [Online]. Available: https://dl.acm.org/doi/10.1145/1408664.1408667
17. E. Komenda, “Are security questions terrible for account security?” Proton. Accessed: Jul. 4, 2024. [Online]. Available: https://proton.me/blog/security-questions-flaws-solutions.
18. M. Grabatin, M. Steinke, D. Pohn, and W. Hommel, “A Matrix for Systematic Selection of Authentication Mechanisms in Challenging Healthcare related Environments,” ACM Conferences. Accessed: June. 10, 2024. [Online]. Available: https://dl.acm.org/doi/10.1145/3445969.3450424.
19. M. Mulvaney, “Oracle APEX + OKTA Identity Cloud Authentication & Authorization guide,” Pretius. Accessed: Jul. 1, 2024. [Online]. Available: https://pretius.com/blog/apex-okta-guide
20. Oracle, “Managing Multifactor Authentication,” Oracle Cloud Infrastructure. Accessed: Jul. 7, 2024. [Online]. Available: https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/usingmfa.htm
21. T. Suleski, M. Ahmed, W. Yang, and E. Wang, “A review of multi-factor authentication in the Internet of Healthcare Things,” DIGITAL HEALTH, vol. 9, Jan. 2023, doi: 10.1177/20552076231177144.
22. M. S. Almadani, S. Alotaibi, H. Alsobhi, O. K. Hussain, and F. K. Hussain, “Blockchain-based multi-factor authentication: A systematic literature review,” Internet of Things, vol. 23, p. 100844, Oct. 2023, doi: 10.1016/j.iot.2023.100844.
23. M. Misbahuddin, B. S. Bindhumadhava and B. Dheeptha, "Design of a risk based authentication system using machine learning techniques," 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), San Francisco, CA, USA, 2017, pp. 1-6, doi: 10.1109/UIC-ATC.2017.8397628.
24. National Institute of Standards and Technology, “Zero Trust Architecture: NIST Publishes SP 800-207,” NIST. Accessed: June. 7, 2024. [Online]. Available: https://www.nist.gov/news-events/news/2020/08/zero-trust-architecture-nist-publishes-sp-800-207
25. R. Ryu, S. Yeom, D. Herbert, and J. Dermoudy, “The design and evaluation of adaptive biometric authentication systems: Current status, challenges and future direction,” ICT Express, vol. 9, no. 6, pp. 1183–1197, Dec. 2023, doi: 10.1016/j.icte.2023.04.003.
26. A. Chatterjee, “Custom Authentication,” Oracle Help Center. Accessed: Jul. 7, 2024. [Online]. Available: https://docs.oracle.com/en/database/oracle/apex/22.1/htmdb/custom-authentication.html
27. A. Chatterjee, “Database Accounts,” Oracle Help Center. Accessed: Jul. 7, 2024. [Online]. Available: https://docs.oracle.com/en/database/oracle/apex/22.1/htmdb/database-accounts.html
28. rolyon, “Microsoft Entra ID documentation - Microsoft Entra ID,” Microsoft Learn. Accessed: Jul. 10, 2024. [Online]. Available: https://learn.microsoft.com/en-us/azure/active-directory
29. OKTA, “Add an Oracle Application Express app,” Okta Access Gateway. Accessed: Jul. 6, 2024. [Online]. Available: https://help.okta.com/oag/en-us/content/topics/access-gateway/add-oracle-appx.htm