Mike Miller is a senior security researcher at Onapsis, with a strong background in Oracle systems. This is his first blog post, a re-cap of a recent interview he did with Oracle Magazine.
Our quarterly analysis of the Oracle CPU, in which we discuss the first release of the year, January 2019.
Manage the risk to your organization by including ERP systems SAP and Oracle in your overall cybersecurity strategy.
Beyond applying patches and reviewing configuring settings, securing Oracle EBS is a process.
Automating vulnerability assessments and controls monitoring for Oracle E-Business Suite.
Why prioritizing vulnerability management and getting ahead of risk is important.
Are you worried about what will be found on your ERP system?
At Onapsis we are dedicated to continuously improving security in business-critical applications. Today Onapsis Research Labs released the first Oracle Security In-Depth (OSID) paper. After several years (and 13 different documents) of publishing SAP Security In-Depth (SSID), we are increasing our library to now include Oracle applications.
This is the fourth consecutive blog post in our series on how to make Oracle E-Business Suite more secure. In this post, we will focus on reducing the attack surface - something that is a critical component for any successful information security strategy. The more you can reduce the components that are exposed to attackers (and to vulnerabilities), the more you can focus on keeping your exposed systems secure. In Oracle E-Business Suite, this feature is called Allowed JSPs and Allowed resources.
SAP has its own specific JAVA virtual machine implementation called SAPJVM, which according to SAP documentation: "...is derived from Sun’s HotSpot VM and JDK implementation ... the SAP JVM is only targeting server-side applications. Certain features related to client environments are intentionally omitted or are not supported for general use.".