Oracle Security Blog

Protecting You Sensitive Data in the Oracle E-Business Suite
Wednesday, March 16, 2011 2pm - 3pm EDT

Top Ten Fraud Risks in the Oracle E-Business Suite
Thursday, February 24, 2010 2:00 PM - 3:00 PM EST

Here is a brief analysis of the pre-release announcement for the upcoming January 2011 Oracle Critical Patch Update (CPU) -

Upgrade Security in Your Oracle R12 Upgrade
Thursday, January 13, 2010 2:00 PM - 3:00 PM EST

Internal Auditor Primer: Oracle E-Business Suite Security Risks
Thursday, December 9, 2010 1:00 PM - 2:00 PM EST

Internal Auditors are trained to understand the financial aspects and the end user functionally of an ERP solution. However, most Internal Auditors have not been trained in the security features of an ERP system. This one hour auditing primer webinar will highlight the basic security that should be found within all implemented Oracle E-Business Suite (OEBS) systems.

IT Security Briefing: Security Risks in the Oracle Database
Thursday, November 18, 2:00pm - 3:00pm EST

Oracle October 2010 CPU - Oracle Database Impact
Thursday, October 28, 2:00pm - 3:00pm EDT

Every quarter, Oracle releases a Critical Patch Update (CPU) that fixes a number of security vulnerabilities in the Oracle Database. This quarterly educational session will focus on the October 2010 CPU and the impact on the Oracle Database. The topics will include:

The news reports describing the October 2010 Oracle Critical Patch Update (CPU) are using terms like "giant", "massive", and practically every other known synonym for a really big security patch release.  These news reports must be resonating with CIOs and CSOs as Integrigy has received a number of client calls and a huge response to our upcoming webinars detailing this CPU.

Here is a brief analysis of the pre-release announcement for the upcoming October 2010 Oracle Critical Patch Update (CPU) -

A potential and unconfirmed cross-site scripting (XSS) vulnerability in the Oracle Application Server has been reported on the Full Disclosure mailing list.  The vulnerability is in the FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server.  Integrigy has not confirmed the vulnerability as the author has not released details but the author claims this XSS vulnerability is different than those previously fixed in the fcgi-bin echo programs.

Oracle has announced a slight change to the release schedule for Critical Patch Update (CPU) releases starting in 2011.  Rather than release on the Tuesday closest to the 15th of the month, now it will be the Tuesday closest to the 17th.  The intention of this shift is to provide more of a buffer for the January release to accommodate year-end close and vacations around the Christmas and New Years holidays.  Therefore, some of the CPU release dates have shifted by a week.

Oracle E-Business Suite Security Risks Primer for Internal Auditors
Tuesday, September 14, 2010 1:00 PM - 2:00 PM EDT

Internal Auditors are trained to understand the financial aspects and the end user functionally of an ERP solution. However, most Internal Auditors have not been trained in the security features of an ERP system. This one hour auditing primer webinar will highlight the basic security that should be found within all implemented Oracle E-Business Suite (OEBS) systems.

Oracle July 2010 CPU - Oracle Database Impact
Thursday, July 29, 2:00pm - 3:00pm EDT

Every quarter, Oracle releases a Critical Patch Update (CPU) that fixes a number of security vulnerabilities in the Oracle Database. This quarterly eLearning session will focus on the July 2010 CPU and the impact on the Oracle Database. The topics will include:

Here is a brief analysis of the pre-release announcement for the upcoming July 2010 Oracle Critical Patch Update (CPU) -