This is a quick summary of Integrigy’s latest research on PeopleSoft. Was sending this to a client and decided it was a good posting:  Guide to PeopleSoft Logging and Auditing How to Control and Secure PeopleSoft DBAs and Developers...

This is the forth posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them. Physically deploying REST services with 12.2 is straightforward. REST is an...

This is the third posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them. Web services are physically deployed differently depending on whether they...

This is the second posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them. Approximately 2,900 web services are created with an update to or...

Securing packaged software such as the Oracle E-Business Suite presents different challenges than securing bespoke custom software. Unlike custom software, both the structure of and the security vulnerabilities of the Oracle E-Business Suite are...

With the upcoming on-premise release of Oracle Database 12.2.0.1, Oracle has updated the Critical Patch Update (CPU) security patch end dates for 11.2.0.4 and 12.1.0.2.  Currently (as of January 2017), only 11.2.0.4 and 12.1.0.2 are supported...

Oracle has fixed 250 security vulnerabilities in the Oracle E-Business Suite from January 2016 to January 2017.  The past five Oracle Critical Update Updates (CPU) have included double or triple digit number of fixes for Oracle E-Business Suite...

As of December 2016, Oracle has extended Critical Patch Update (CPU) support for Oracle E-Business Suite 11.5.10 until October 2017 for additional fee Tier 1 support/Advanced Contract Support (ACS) customers.  Starting with the April 2016...

For those clients using Oracle Discoverer, especially those using Discoverer with the Oracle E-Business Suite for financial reporting, the October 2016 Oracle Critical Patch Update (CPU) include a high-risk vulnerability reported by Integrigy...

Starting with the April 2016 Critical Patch Update (CPU), Oracle E-Business Suite 11.5.10 CPU patches are only available for customers with additional fee Tier 1 support contracts.  As of December 2016, no more CPU patches are available for...

The list of Oracle Database versions supported for Critical Patch Updates (CPU) is getting shorter and shorter.  Starting with the October 2016 CPU, only 12.1.0.2 and 11.2.0.4 are supported.  In order to apply CPU security patches for all...

The Data Mover allows for total manipulation of data within PeopleSoft. You can use it to transfer data among PeopleSoft databases, regardless of operating system and database vendor. To state that Data Mover scripts need to be carefully secured is...

When performing a PeopleSoft security audit Integrigy carefully reviews batch processing activity generated through the Process Scheduler. Of particular focus is who has access to administer the Process Scheduler and reviewing batch jobs to identify...

When performing a PeopleSoft security audit, reconciling users should be one of the first tasks. This includes default accounts created through the installation of PeopleSoft as well as user accounts associated with staff, vendors and customers....

Jolt along with Tuxedo supports PeopleSoft web requests. Specifically, Jolt is the layer between the application server and the web server. It is also described as a Java-enabled version of Tuxedo. When performing a PeopleSoft security audit,...