Single Sign-On (SSO) and Multi-Factor Authentication (MFA) provide extra layers of security to ensure that users accessing the application are who they say they are. Implementing SSO and MFA with Oracle E-Business Suite (EBS) can provide security and compliance benefits and may be required for cybersecurity insurance coverage. However, Oracle EBS does not natively support SSO or MFA and is usually a stand-alone island in terms of identity management, often one of the last applications not integrated with your identity management. This educational webinar discusses use cases for implementing S ..read more

Oracle released an out-of-cycle security alert on May 19, 2022 for Oracle E-Business Suite (EBS) to address an information disclosure security vulnerability. The vulnerability is being actively exploited in externally accessible Oracle EBS environments running modules such as iSupplier, iStore, iRecruitment, and iSupport. This vulnerability is exploitable in all Oracle EBS versions including 12.0 and 11.5 even though these versions are not listed in the Oracle advisory. This vulnerability may allow an unauthenticated user to view all the Oracle EBS users through the application Mana ..read more

The security of the Oracle E-Business Suite is a blind spot within most organizations. Compounding this security deficiency are a myriad of factors at play such as organizational misalignment and the complexity of the application. The Integrigy Cybersecurity Framework for Oracle E-Business Suite provides guidance and direction, based on existing standards, guidelines, and practices, for organizations to better manage and reduce cybersecurity risks for the Oracle E-Business Suite. The Framework formalizes the guidelines, practices, and activities required to secure the application, database, a ..read more

Customizing Oracle E-Business Suite (EBS) is different from developing custom-built applications as the development process is focused on many small development objects be it web pages, reports, interfaces, conversions, or extensions. This customization development process creates challenges for DevSecOps in that standard development workflows and development security tools like static code analysis do not work well in such a development environment. In addition, there are many different types of small and isolated development objects and multiple languages and technologies such as Oracle For ..read more

Oracle E-Business Suite 12.1.3 moved from Premier Support to Sustaining Support at the end of December 2021.  Sustaining Support does not include security patches, new security features, nor compliance or legislative updates.  In addition, Oracle Database 11.2.0.4 entered sustaining support as of December 2020.  This educational webinar reviews the current support state for Oracle E-Business Suite 12.1.3 and examines the security impact of desupport for the application, application server, and database.  Strategies are provided to help protect your Oracle E-Business Suite ..read more

Single Sign-On (SSO) and Multi-Factor Authentication (MFA) provide extra layers of security to ensure that users accessing the application are who they say they are.  Implementing either SSO or MFA or both with Oracle E-Business Suite (EBS) can provide security as well as compliance benefits, however, Oracle EBS does not natively support SSO or MFA. This educational webinar discusses use cases for implementing SSO and MFA with Oracle EBS and review the SSO and MFA options available for Oracle EBS environments. A walk-through is provided of the process to implement Integrigy AppDefend sol ..read more

Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j.  This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products. On December 15th, Oracle has changed the remediation with the disclosure of the most recent Log4j security vulnerability (CVE-2021-45046) as the initial recommended fix wa ..read more

Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j.  This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products. On December 15th, Oracle has changed the remediation with the disclosure of the most recent Log4j security vulnerability (CVE-2021-45046) as the initial recommended fix wa ..read more

Oracle E-Business Suite 12.1.3 moves from Premier Support to Sustaining Support at the end of December 2021.  Sustaining Support does not include security patches, new security features, nor compliance or legislative updates.  In addition, Oracle Database 11.2.0.4 entered sustaining support as of December 2020.  This educational webinar reviews the current and future support state for Oracle E-Business Suite 12.1.3 and examines the security impact of desupport for the application, application server, and database.  Strategies are provided to help protect your Oracle E ..read more

A new feature of Oracle Database 21c is Blockchain Tables, which also has been backported to 19c. Blockchain Tables are insert-only, tamper-proof tables used to protect data from abuse and fraud. Common use-cases of Blockchain Tables are for audit trails, compliance data, ledgers, and chain of custody or provenance information. This educational webinar reviews how Blockchain Tables work and dive into best practices for effectively using, securing, and managing Blockchain Tables.  The new feature database Immutable Tables released as part of 19.11 and 21.3 is reviewed which is a ..read more