At Onapsis we recognize that information security means more than just protecting your business-critical applications from possible invaders. Worldwide, we see cybersecurity regulations maturing, leading to added pressure for companies to stay compliant. It is clear that, apart from the obvious technical component, the legal aspects of the information security domain demand a growing slice of attention to maintain business prosperity.
At Onapsis we are dedicated to continuously improving security in business-critical applications. Today Onapsis Research Labs released the first Oracle Security In-Depth (OSID) paper. After several years (and 13 different documents) of publishing SAP Security In-Depth (SSID), we are increasing our library to now include Oracle applications.
It’s the second Tuesday of the month and another set of SAP Security Notes has been released. Since the previous Patch Day in August, SAP has released 32 notes, including 16 out-of-date and another 16 released this morning. One striking observation is that this is the fifth month in a row without a Hot News note; the highest category for notes based on risk. In addition to that, for the three high-priority notes, two of them are updates for a July note and the other one only affects a single country making the risk much smaller.
SAP HANA is a very fast growing product in many SAP environments, that has moved away from just an in-memory database to a complete application plus database system. In today’s blogpost we’ll talk about the SAP HANA internal communication interface, discuss its use in different scenarios, the configuration parameters involved and the different options that SAP HANA administrators should consider to secure their systems. We’ll also perform an analysis of the default configuration introduced in SPS 12 reviewing different parameters and how they impact overall security.
After the release of our threat report about a critical vulnerability on “Unauthorized Business Data Exfiltration Vulnerability”, we are continuing our series of blogpost about Oracle E-Business Suite security. To keep our readers informed about security risks and mitigation techniques to Oracle’s biggest ERP, E-Business Suite (EBS), we will continue to publish blogs on a monthly basis.