As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs. JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group. Over his professional career, JP has led many Information Security consultancy projects for some of the world’s biggest companies around the globe in the fields of penetration and web application testing, vulnerability research, cybersecurity infosec auditing/standards and more.
This is the fourth consecutive blog post in our series on how to make Oracle E-Business Suite more secure. In this post, we will focus on reducing the attack surface – something that is a critical component for any successful information security strategy. The more you can reduce the components that are exposed to attackers (and…
For a third week, we’re providing you with best practices for securing your Oracle E-Business Suite implementation. Today, we are going to talk about a common topic: password security. When it comes to password policy, the first thing that probably comes to mind is having a secure password. That is why in addition to all network security…
Last week, we began a blog post series with the objective of reviewing Oracle E-Business Suite Security. The first publication detailed how to activate the Server Security Feature, and in today’s post we will focus on password hashing. We will analyze the different types of hashing and how it is implemented in Oracle E-Business Suite. Hashing 101…
As most of our regular readers may know, the Onapsis Research Labs have been working on developing Oracle Security for several months. We’ve done this by updating our readers with analysis on quarterly patch updates, and to date have released over one hundred advisories for this platform. In our continuous goal to provide the industry…
In this month’s SAP Security Notes, it’s noticeable that the priority of the majority of security notes is higher compared to the previous month.
Today is the second Tuesday of September, which means that SAP has released their monthly batch of Security Notes. SAP published 21 SAP Security Notes this month (6 Notes were published after August the 8th), and did not have any Hot News items. Only four Notes this month were considered to be ‘high priority’ (16…
Today, SAP released their latest batch of monthly Security Notes. Despite this month not being specifically critical, Denial of Service attacks are a central point of concern. A Denial of Service (DoS) attack intends to make one or more resources unavailable. In the case of SAP, DoS attacks could be partial and affect only…
Today we have released 12 new Oracle application advisories which affect two different products: Oracle E-Business Suite and JD Edwards. The advisories include various types of vulnerabilities such as Cross Site Scripting, Denial of Service, Password Disclosure and User Creation. After great success uncovering hundreds of vulnerabilities in SAP systems, our Research Labs are expanding our security advisories to now include…
Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business-critical applications such as…