How to be prepared for a black swan scenario?
Cyber Security
Play environment for WebGoat, WebWolf and Juice Shop
In this blog post, I will show how you can install the OWASP training tools WebGoat, WebWolf and JuiceShop on your local laptop using Vagrant.
Anchore Engine: Container image vulnerability scanning
Applications nowadays are usually deployed inside containers. A container consists of libraries and tools which allow the application to run inside. Since there can be exploitable vulnerabilities, it is not only important to take security into account for your application, but also for the container it runs in. There are […]
How to securely access remote content without using a VPN: Use a proxy server accessed through an SSH tunnel
There are numerous occasions that I was limited in my work because of connectivity which could not be trusted. For example, I could not download large installers due to a proxy antivirus tool which manipulated downloads, causing files to become corrupted. I needed to visit a website to find […]
SSL/TLS: How to choose your cipher suite
For SSL/TLS connections, cipher suites determine for a major part how secure the connection will be. A cipher suite is a named combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate the security settings (here). But what does this mean and how do you […]
One of the many nice new features in 12c database: code based access control
Topic of this blog is a nice new feature in 12c, not the plsql package I built that’s using it. So here’s the story.. For one of our customers we needed to have a simple schema comparison tool that would be able to check, as part of application deployment activity, […]
Digital Transformation calls for comprehensive Information Security measures.
Do you want to know how your company can survive Cyber Security threats? And what can be an approach to stay compliant? Have you ever thought about security related opportunities and business enablers? Then continue reading this blog post! And find out how we can help you. Digital Transformation takes […]
Simple security system using Raspberry Pi 2B + Razberry + Fibaro Motion Sensor (FGMS-001)
In this article I’ll describe how I created a simple home-brew burglar detection system to send me a mail when someone enters my house (so I can call the police). First my choice for the components is explained. Next how these components combine to achieve the functionality wanted. Based on […]
How to integrate Oracle Enterprise Single Sign on with Windows login.
Last month I helped a customer integrate a legacy application with Oracle Enterprise Single Sign On (ESSO) version 11.1.2.3. I configured the legacy application within ESSO so the login manager would recognize the screens and log the user in. I got it all to work, but ran into a problem […]
Oracle Cloud and the European privacy rules: what should we watch out for?
As an Oracle user you see the possibilities of the Oracle Cloud. The great flexibility, the ability to scale capacity up and down, instant services and the monthly billing model. The short lead time for (temporary) environments and the reduced management effort alone can lead to a considerable improvement in efficiency. That way you are less occupied with the daily operation of […]
Reflections after Oracle OpenWorld 2015 – Identity Management (IAM, OIM, OAM and primarily: IDCS)
Clearly, identity and access management is crucial. For on premises enterprise applications, with mobile apps and no less with cloud based applications. Identity and Access Management revolves around a number of aspects: management of users and accounts, passwords and access methods as well as management of roles, application privileges, […]
Whitepaper: How to reach an optimal Cloud Security Level
With the rise of cloud applications, a new way of looking at security is required. Security is no longer concentrated only within the perimeter of your company. The scope of your security management also needs to include the cloud providers that offer services to you. From a security perspective, this […]
Database security for MySQL – MySQL Database Firewall
Looking at breaches in information systems and Cyber Crime, the focus of the perpetrators is always aimed at our data. The goal is to copy, modify or even destroy the core of our business. Data protection is serious business and you need to take serious measures to prevent unauthorized access. Almost half of […]
Use DB Vault to protect password strength policy
Suppose your organization wants to enforce a security policy on database password strength. The DBAs have implemented a password strength verification function in PLSQL such as the Oracle-supplied ora12c_strong_verify_function in the DEFAULT profile of the database. There seems to be no way to get around it at first: Database account u4 […]
Managing identity information from multiple sources with Oracle Identity Manager, Part 1
When you are implementing Oracle Identity Manager to manage the identities within your organization, you may have to use multiple sources for identity information. For instance, there might be different departments with their own HR system and there might be separate sources for customers or business partners. In this article […]
Still no news from the security front…
This week I was doing research for one of our internal knowledge sessions when I stumbled across an interesting piece of history. I was tracing the history of computer security when I found an interview from Wired from the first people who implemented passwords as a security measure. They interviewed […]
Security Features of Standard Edition (One) – Part 2
or Some Musings on the Security Implications of Oracle Database Initialization Parameters Still following the steps of a database installation, this article will muse about some Initialization Parameters with security relevance. In order to make a Standard Edition database as secure as possible we could start by looking what is […]
WebLogic Server and OpenLDAP. Using dynamic groups
Dynamic groups in an LDAP are groups which contain a query to specify their members instead of specifying every member separately. Efficient usage of dynamic groups makes user maintenance a lot easier. Dynamic groups are implemented differently in different LDAP server implementations. Weblogic Server can be configured to use dynamic […]
How to integrate OAM with windows natively (Part 2)
Two weeks ago one of my co-workers asked me if it was possible to integrate Active Directory with Oracle Access Manager. So here is my two part mini-series on working with Oracle Access and Active Directory. Today I will talk about Kerberos authentication, or in other words, how you can […]
How to integrate OAM with Windows Active Directory (Part 1)
Last week one of my co-workers asked me if it was possible to integrate Active Directory with Oracle Access Manager. So here is my two part mini-series on working with Oracle Access and Active Directory. In the first post I will focus on integrating with active directory on a basic […]
Security Features of Standard Edition (One) – Part 1
or A closer look on database hosts The last couple of years quite a few organizations had a difficult time and internal costs where a main focal point was to save money. License costs was one thing where many IT-managers put their question marks and so often the decision was […]
Competitive advantage through Identity and Access Management
Every organization makes use of Identity and Access Management (IAM/IDM). It is one of the basic elements of good information security. Shielding company data is the first step here. But granting access to this information, in a controlled manner and to the right people at the right moment, is […]
Cyber security is good, cyber resilience is better
Accept that you will be hacked Cyber security is a serious matter. The threats coming at us are not limited to the loss of a number of files, the leaking of an address list or the taking down of a website. By now IT systems play an essential and serious role in […]
Bulk authorizing Oracle Unified Directory (OUD) users by adding them to OUD groups from the Linux/Unix Command Line
When using Oracle Unified Directory (OUD) as an identity store, it is on some occasions necessary to add OUD users to OUD groups by hand. When you have to grant privileges to one user, this is easily done through the Oracle Directory Services Manager (ODSM) interface. However, doing so for […]
SOA Suite 12c: Querying LDAP directories using the LDAP Adapter
SOA Suite 12c introduced a number of new adapters. One of them is the LDAP Adapter. In several earlier articles on this blog (for example https://technology.amis.nl/2014/08/08/oracle-soa-suite-12c-ldapadapter-tutorial/ by Maarten Smeets), we have described how to set up and configure the LDAP adapter and how to use it in conjunction with the […]
SOA Suite 12c: Creating user accounts in ApacheDS using the LDAP adapter (inspired by Maarten Smeets)
My colleague Maarten Smeets recently published a very good article on the first steps with the SOA Suite 12c LDAP adapter (https://technology.amis.nl/2014/08/08/oracle-soa-suite-12c-ldapadapter-tutorial). He inspired me to take my own first and next steps – and I need those for the Oracle SOA Suite 12c Handbook that I am currently writing. […]
Getting started with ApacheDS – LDAP Server and Directory Studio
Inspired by the work and some excellent blog articles by my colleague Maarten Smeets – and while writing about the LDAP Adapter in SOA Suite 12c for the Oracle SOA Suite 12c Handbook – I decided to give ApacheDS (LDAP Directory) a spin. This article lists the very basic steps for […]
SOA Suite 12c: Human Task and Escalation through the LDAP hierarchy
A Human Task in SOA Suite can be configured to automatically escalate when the task is not taken care of for a certain period of time. This escalation implies that the task is assigned to the person (or persons) one level higher up the organizational hierarchy than the people who […]
Major take-aways from Oracle OpenWorld 2014 – some relevant conclusions
Oracle OpenWorld 2014 is over. Just under a week, full to the brim with information, events, people, energy, plans, hopes and expectations. I have learned many, many things. Small things, important facts, huge insights and many great people. In this article, I will attempt to sum up the largest themes […]
Web- and Mobile-Oriented Architectures with Oracle Fusion Middleware – Oracle OpenWorld 2014
Mobile applications as well as a large class of modern HTML5 web applications are built on top of an architecture with special provisions, such as RESTful services; the personal cloud, to provide a cross-device experience; push; cache; localization; scalability; and secure interaction with the enterprise back end. Gartner refers to […]
How to hide login data of sql-scripts on Windows
One piece of advice often given on hardening a database is to run scripts without broadcasting your login data at the same time. According to Arup Nanda in his famous articles on “Project Lockdown” you have three options to run your scripts without letting everybody in on your password secrets: […]
SOA Suite 12c: Invoke Enterprise Scheduler Service from a BPEL process to submit a job request
The Fusion Middleware 12.1.3 platform contains the ESS or Enterprise Scheduler Service. This service can be used as an asynchronous, schedule based job orchestrator. It can execute jobs that are Operating System jobs, Java calls (local Java or EJB), PL/SQL calls, and Web Service calls (synchronous, asynchronous and one-way) including […]
Cloud Control authorization with Active Directory
About 2 months ago I wrote an article about setting up user authentication in Cloud control, based on their account in the Active Directory. As promised, here is the second part describing Cloud Control authorization with Active Directory. A small recap about why this could be useful: If your company […]
Oracle SOA Suite 12c: The LDAPAdapter, a quick and easy tutorial
In enterprises, LDAP servers are often used to store user credentials and groups and share them among applications. Oracle SOA Suite 12c introduces a new technology adapter; the LDAPAdapter which allows easy integration with LDAP servers. In this blog post I will provide a quick and easy howto on installation […]
LDAP and Weblogic; Using ApacheDS as authentication provider for Weblogic
A Lightweight Directory Access Protocol (LDAP) server is often used to centralize management of users/groups/credentials within enterprises. An LDAP server stores user information such as group memberships and often also authorization/authentication data. You can use this information to authenticate on Weblogic Server. In this blog post I will provide a […]
Live Blog – AMIS Oracle Enterprise Mobility conference (21-23 May 2014) – Last Updated May 23rd – 16:30 CET
This article will provide a live account of the three day Enterprise Mobility conference, hosted by AMIS in Nieuwegein, The Netherlands. Oracle ADF Product Managers Frank Nimphius and Chris Muir are the keynote speakers. They are joined by Willem de Pater, Steven Davelaar and Lancy Silveira from Oracle and Luc […]
iOS App Security – Backgrounding screenshot
Every time security of apps comes up in any conversation it turns out a lot of people are unaware of this being an issue at all. Simple things like the screenshot iOS takes every time your app gets backgrounded are not the common knowledge I expected it to be by […]
AYTS: Summary of Access Management session
Recently started the Oracle program: Are You The Smartest. For me it is an opportunity to test my current knowledge level and to extend my knowledge. After every session I follow, I will write a brief summary as part of the preparation for the test. I will continue with the summary of the following […]
AYTS: Summary of Identity Governance Session
Recently started the Oracle program: Are You The Smartest. For me it is an opportunity to test my current knowledge level and to extend my knowledge. After every session I follow, I will write a brief summary as part of the preparation for the test. I will continue with the summary of the following […]
Creating an hierarchical user structure in embedded LDAP of weblogic
Introduction Users and groups are essential for the assignment of tasks in BPM and/or BPEL. On a production environment a separate LDAP server is used, with its own administration tools. On a development environment however, the embedded ldap in weblogic is used very often, giving you the flexibility to create […]