Creating clones and copies of production E-Business Suite databases is a regular occurrence. There are several PCI DSS requirements that apply to non-production instances of the Oracle E-Business Suite. No Production Cardholder DataThe most...

The real challenge for meeting PCI compliance is the secure management of all the components and parts of the Oracle E-Business Suite environment every day of year. While Release 12 of the Oracle E-Business Suite by default does not protect...

Continuing this blog series on PCI compliance and the Oracle E-Business Suite, this posting focuses on the Secure Payments Repository.  New with Release 12 of the E-Business Suite, credit card processing and data storage within Oracle...

To help understand the Oracle E-Business Suite’s standard functionality to help meet PCI compliance, it is useful to know the difference between what Oracle deems as external and internal accounts.Oracle defines “external accounts” as those accounts...

A common question we receive is about Corporate Cards and PCI compliance. Corporate Cards, credit cards held by employees for corporate purposes, are not usually subject to the scope of PCI DSS compliance.  Corporate Cards are classified as...

The next few blog postings will focus on PCI and the Oracle E-Business Suite. All Oracle E-Business Suite implementations that "store, process, or transmit cardholder data" must comply with Payment Card Industry (PCI) Data Security Standard...

PCI requirement 3.4 mandates that the Primary Account Number (PAN) is unreadable anywhere it is stored using one-way hashes or strong encryption. The Oracle E-Business Suite Release 12 meets this requirement first by centralizing cardholder data (...

Through parameter and URL tampering an attacker, or nefarious insider, can manipulate and/or construct URLs to expose information and/or attempt to circumnavigate Oracle E-Business Suite functionality - including parts of application security. There...

Attached files are an information leakage risk for the Oracle E-Business Suite. There are two sources, and the second is not commonly recognized.The first source is straight forward. Users of the E-Business Suite are free to upload and attach files...

It is rare to find customers who are not using Diagnostics to support their Oracle E-Business Suite. However, Diagnostics is commonly overlooked as a source of information leakage. By design, Diagnostics should not be enabled in production, or if it...

The Oracle E-Business Suite provides a large number of diagnostic and monitoring solutions. While these solutions offer comprehensive and in-depth information about your implementation, they can also be the source of serious information leakages....

As of December 1, 2013, Oracle E-Business Suite 11.5.10 moved into Sustaining Support.  Normally, Oracle Sustaining Support does not include security fixes in the form of Critical Patch Updates.  However, for 11.5.10, there is an exception...

New Security Features in Oracle EBS 12.2Thursday, October 24, 2013 - 2:00 pm EDTOracle E-Business Suite 12.2 introduces a number of new security features, enhancements, and changes. This eLearning webinar will examine each of these security features...

Going Without CPU Patches on Oracle EBS 11i?Tuesday, September 17, 2013 - 2:00 pm EDTAre you thinking, or maybe you have already decided, about not upgrading to R12?  Are you concerned about the impeding lack of CPU security patches for...

When You Can’t Apply Oracle Security PatchesTuesday, June 25, 2013 - 2:00 pm EDTAre you not applying, or maybe having difficulty in applying, Oracle security patches in a timely manner?  Are you quarters or years behind on security patches...