Jolt along with Tuxedo supports PeopleSoft web requests. Specifically, Jolt is the layer between the application server and the web server. It is also described as a Java-enabled version of Tuxedo. When performing a PeopleSoft security audit,...

When performing a PeopleSoft security audit, Integrigy reviews in detail the PeopleSoft Web Portal security settings to ensure they are set per best practice recommendations.  To do this yourself, use the table below to review your settings...

Protection of sensitive data while at-rest, in-motion or in-use all need to be addressed as part of a holistic security strategy. This includes both Personally Identifiable Information (PII) as well as sensitive PeopleSoft system configurations....

PeopleSoft Public users are not required to authenticate (sign on). These are generic accounts created for specific purposes, for example informational pages and/or company directories. Public users are also not subject to timeouts (session...

Oracle has released support for TLS 1.2 in Oracle E-Business Suite 12.1 and 12.2.  Previously, Oracle E-Business Suite only supported SSLv3 and TLS 1.0, which are no longer approved for use with Federal systems and are not PCI-DSS compliant as...

Being hospitable and welcoming to guests is usually considered good manners.  That said, being a gracious host does not mean you should be careless with your security. With regard to PeopleSoft application security, the user GUEST is a...

When performing a PeopleSoft security audit, reviewing what rights and privileges individual users have been granted for system and application security privileges (authorization) is one of the key deliverables. The following are several of the...

Securing the PeopleSoft Integration Broker (IB) ensures the security of messaging both within PeopleSoft applications and among third-party systems. The following are several of the key tasks that Integrigy performs during our PeopleSoft security...

Logging and auditing are one of the pillars of PeopleSoft Security.  Both application and database auditing is required. Logging and auditing support a trust-but-verify approach which is often deemed required to secure the activities of...

PeopleSoft, similar to other major ERP applications, while depending on a database to store information, arguably does not secure the supporting database. The security of the database is the client’s responsibility. In order to give a few...

The prior blog post (PeopleSoft Security Patches) reviewed PeopleSoft CPU patching. Worthy of its own post is the October 2014 CPU. A show of hands back in April at our PeopleSoft database security presentation at Collaborate 2016 (PeopleSoft...

The process of applying security patches starts with identifying which patches to apply. For PeopleSoft, security patches need to be considered for both the application and the major technical components. The application of security patches,...

Throughout the summer, Integrigy will be releasing new research on PeopleSoft security. This research focuses on the secure configuration of PeopleSoft and includes both the application and the major technical components such as the database (Oracle...

No, Oracle security vulnerabilities didn’t just get a whole lot worse this quarter.  Instead, Oracle updated the scoring metric used in the Critical Patch Updates (CPU) from CVSS v2 to CVSS v3.0 for the April 2016 CPU.  The Common...

Oracle E-Business Suite 11i is impacted by 8 security vulnerabilities in the April 2016 CPU, which includes the Oracle Configurator and Oracle Complex Maintenance, Repair, and Overhaul security bugs listed under the Oracle Supply Chain Products...