Includes a step-by-step CPU implementation guide for Oracle E-Business Suite.
April 2018 Oracle Critical Patch Update: Oracle Patches 254 Vulnerabilities, 176 Specific to Financials
Onapsis helps secure 92% of Oracle E-Business Suite Financials vulnerabilities
Onapsis confirms public exploit attacking Oracle applications can affect Oracle E-Business Suite
Oracle October CPU: Onapsis Contributes to EBS Security by Reporting Almost 60% of the Vulnerabilities, Including Those Most Critical
One of the most important components of securing business-critical applications is to ensure the systems are always up to date with the latest security patches to reduce the risk level. Today Oracle released the last Critical Patch Update (CPU) of the year. In this CPU, Oracle stopped an increasing trend seen in the last three CPUs, where Oracle continually fixed more vulnerabilities during each new CPU. In the latest CPU, Oracle fixed 252 security vulnerabilities.
At Onapsis we are dedicated to continuously improving security in business-critical applications. Today Onapsis Research Labs released the first Oracle Security In-Depth (OSID) paper. After several years (and 13 different documents) of publishing SAP Security In-Depth (SSID), we are increasing our library to now include Oracle applications.
This is the fourth consecutive blog post in our series on how to make Oracle E-Business Suite more secure. In this post, we will focus on reducing the attack surface - something that is a critical component for any successful information security strategy. The more you can reduce the components that are exposed to attackers (and to vulnerabilities), the more you can focus on keeping your exposed systems secure.
For a third week in a row, we’re providing you with best practices for securing your Oracle E-Business Suite implementation. Today, we are going to talk about a common topic: password security. When it comes to password policy, the first thing that probably comes to mind is having a secure password. That is why in addition to all network security layers, it is very important to have a proper password policy, along with a users list and groups so to follow a guideline of how passwords are formed.
Last week, we begin a blogpost series with the objective of reviewing Oracle E-Business Suite Security. The first publication detailed how to activate the Server Security Feature, and in today’s post we will focus on password hashing. We will analyze the different types of hashing and how it is implemented in Oracle E-Business Suite.
As most of our regular readers may know, the Onapsis Research Labs have been working on developing Oracle Security for several months. We’ve done this by updating our readers with analysis on quarterly patch updates, and to date have released over one hundred advisories for this platform. In our continous goal to provide the industry with greater resources to secure their business critical applications, starting today we will be publishing a series of weekly blog posts focusing on different areas of protecting Oracle E-Business Suite.
Yesterday, Oracle released its quarterly security patches and what a record breaking CPU it was! With close to 300 published patches, this marks the highest number of patches released to date for any CPU. This further validates the trend we have seen in previous CPU’s which is to correct more vulnerabilities in Oracle products due to increased research submissions targeting different Oracle products.