Research

At Onapsis we recognize that information security means more than just protecting your business-critical applications from possible invaders. Worldwide, we see cybersecurity regulations maturing, leading to added pressure for companies to stay compliant. It is clear that, apart from the obvious technical component, the legal aspects of the information security domain demand a growing slice of attention to maintain business prosperity.

At Onapsis we are dedicated to continuously improving security in business-critical applications. Today Onapsis Research Labs released the first Oracle Security In-Depth (OSID) paper.

SAP HANA is a very fast growing product in many SAP environments, that has moved away from just an in-memory database to a complete application plus database system. In today’s blogpost we’ll talk about the SAP HANA internal communication interface, discuss its use in different scenarios, the configuration parameters involved and the different options that SAP HANA administrators should consider to secure their systems. We’ll also perform an analysis of the default configuration introduced in SPS 12 reviewing different parameters and how they impact overall security.

As a security vendor and Research Labs with the goal of protecting our customer’s business-critical applications we also have the continuous balance of proactively informing the community about emerging threats affecting their critical applications. A big part of this is our continuous work with vendors to help them secure vulnerabilities in their software. Today, for the third time, the July 2017 Oracle Critical Patch Update breaks a record on number of patched bugs with 308 vulnerabilities solved.

This is the fourth consecutive blog post in our series on how to make Oracle E-Business Suite more secure. In this post, we will focus on reducing the attack surface - something that is a critical component for any successful information security strategy. The more you can reduce the components that are exposed to attackers (and to vulnerabilities), the more you can focus on keeping your exposed systems secure. In Oracle E-Business Suite, this feature is called Allowed JSPs and Allowed resources.

For a third week, we’re providing you with best practices for securing your Oracle E-Business Suite implementation. Today, we are going to talk about a common topic: password security. When it comes to password policy, the first thing that probably comes to mind is having a secure password. That is why in addition to all network security layers, it is very important to have a proper password policy, along with a users list and groups so to follow a guideline of how passwords are formed.

Last week, we begin a blogpost series with the objective of reviewing Oracle E-Business Suite Security. The first publication detailed how to activate the Server Security Feature, and in today’s post we will focus on password hashing. We will analyze the different types of hashing and how it is implemented in Oracle E-Business Suite.

As most of our regular readers may know, the Onapsis Research Labs have been working on developing Oracle Security for several months. We’ve done this by updating our readers with analysis on quarterly patch updates, and to date have released over one hundred advisories for this platform. In our continous goal to provide the industry with greater resources to secure their business critical applications, starting today we will be publishing a series of weekly blog posts focusing on different areas of protecting Oracle E-Business Suite.