Matias Mevied

Oracle Security Specialist

Matias Mevied is Oracle Security Specialist at Onapsis. He is a systems engineer from the UTN and holds a Master's degree in Information Security from El Salvador University. Matias has been leading security teams focused on Oracle products for the last 7 years. He has experience assessing the security of JD Edwards, Siebel, Demantra, DCLink and Hyperion to name a few. Prior to that, he developed enterprise solutions and did consulting on diverse products and platforms. He is also a professor in the UTN university on the Information Security course.



Oracle October CPU: Onapsis Contributes to EBS Security by Reporting Almost 60% of the Vulnerabilities, Including Those Most Critical

One of the most important components of securing business-critical applications is to ensure the systems are always up to date with the latest security patches to reduce the risk level. Today Oracle released the last Critical Patch Update (CPU) of the year. In this CPU, Oracle stopped an increasing trend seen in the last three CPUs, where Oracle continually fixed more vulnerabilities during each new CPU. In the latest CPU, Oracle fixed 252 security vulnerabilities.

Onapsis Research Labs Releases First Oracle Security In-Depth Publication

At Onapsis we are dedicated to continuously improving security in business-critical applications. Today Onapsis Research Labs released the first Oracle Security In-Depth (OSID) paper. After several years (and 13 different documents) of publishing SAP Security In-Depth (SSID), we are increasing our library to now include Oracle applications.

Oracle July CPU Analysis: Onapsis helps patch critical vulnerability in E-business Suite

As a security vendor and Research Labs with the goal of protecting our customer’s business-critical applications we also have the continuous balance of proactively informing the community about emerging threats affecting their critical applications. A big part of this is our continuous work with vendors to help them secure vulnerabilities in their software. Today, for the third time, the July 2017 Oracle Critical Patch Update breaks a record on number of patched bugs with 308 vulnerabilities solved.

Protecting Oracle E-Business Suite: Reducing the Attack Surface

This is the fourth consecutive blog post in our series on how to make Oracle E-Business Suite more secure. In this post, we will focus on reducing the attack surface - something that is a critical component for any successful information security strategy. The more you can reduce the components that are exposed to attackers (and to vulnerabilities), the more you can focus on keeping your exposed systems secure.

Protecting Oracle E-Business Suite: Hashed Passwords

Last week, we begin a blogpost series with the objective of reviewing Oracle E-Business Suite Security. The first publication detailed how to activate the Server Security Feature, and in today’s post we will focus on password hashing. We will analyze the different types of hashing and how it is implemented in Oracle E-Business Suite.

Another Record Breaking Oracle CPU - April 2017

Yesterday, Oracle released its quarterly security patches and what a record breaking CPU it was! With close to 300 published patches, this marks the highest number of patches released to date for any CPU. This further validates the trend we have seen in previous CPU’s which is  to correct more vulnerabilities in Oracle products due to increased research submissions targeting different Oracle products.

Oracle CPU for January 2017 Breaks New Record

In this month's post we will analyze the January 2017 Oracle Critical Patch Update (CPU) and how it relates to Oracle Business Critical Applications. This CPU is special because the number of vulnerabilities fixed sets a new record for the amount of vulnerabilities fixed in a single CPU for Business Critical Applications. At Onapsis, we believe there are two main factors that contribute to this record breaking number of vulnerabilities in a single CPU. These two factors are the Researchers and of course, Oracle itself.

Oracle Publishes 253 New Vulnerabilities in October 2016 CPU

Yesterday, Oracle released its quarterly Critical Patch Update (CPU) to provide customers with detailed information about the latest vulnerabilities affecting Oracle business critical applications. This post will help Oracle customers better understand and prioritize the implementation of patches and testing of vulnerabilities on these systems within their organization.

In this CPU, Oracle published 253 patches which affect 76 different Oracle products. We will analyze the Critical Patch Update and then will focus on the Oracle E-Business Suite vulnerabilities.

Onapsis publishes 12 advisories for Oracle Business Critical Applications

Today we have released 12 new Oracle application advisories which affect two different products: Oracle E-Business Suite and JD Edwards. The advisories include various types of vulnerabilities such as Cross Site Scripting, Denial of Service, Password Disclosure and User Creation. After great success uncovering hundreds of vulnerabilities in SAP systems, our Research Labs are expanding our security advisories to now include Oracle products.

Pages