Hacking & Protecting Oracle E-Business Suite

Date: Thursday March 21, 2019
Time: 12:00 PM ET

ERP applications are an attractive target for attackers due to the business sensitive information they store such as customers, suppliers, credit cards and personal information, among others. This presentation includes research of more than 180 vulnerabilities found in a year for Oracle E-Business Suite including different types and risks such as Denial of Service, Password Disclosure, User Creation, Cross Site Scripting, and the mitigation options to protect these systems.

Attend this session to learn:

  • The basics related to key vulnerabilities and how they work
  • Show real-life scenarios of how an attacker can take advantage of the vulnerabilities
  • How to prevent attacks in Oracle E-Business Suite
  • Advantages and disadvantages of the Security Configuration Console
  • The importance of patch management


Mike Miller

Senior Security Researcher

Michael Miller is a senior security researcher and architect at Onapsis with over twenty years of working with Oracle technologies and applications. He holds several security certifications from (ISC)2 and is a frequent speaker at industry conferences. He has experience securing, managing and delivering cloud-based enterprise services, considerable technical experience and deep knowledge of IT security, enterprise applications and a passion for excellence and the simplification of business processes.

His certifications include Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Cloud Security Professional (CCSP), Oracle Corporation Security Customer Advisory Board (2005-2007), ITIL v3 Foundations certified.

He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE.

Onapsis respects your privacy, please view our updated privacy policy.