Recommended Approach for Oracle E-Business Suite 12.2 Mobile and Web Services Security
This is the eleventh and final posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.
Deploying Internet-based Oracle E-Business Suite web services requires proper configuration of the URL Firewall, both the url_fw.conf and url_fw_ws.conf and the use of a WAF – ideally the Oracle API Gateway. This recommendation applies equally to all whose only use of web services is the Oracle Supplier Network (OSN). One opening of the attack surface exposed to the Internet exposes the entire Oracle E-Business Suite.
For Mobile and Smartphone applications, due to the overall complexity and additional license requirements, it is recommended to continue using VPN for deployment instead of using an External Node.
If you have any questions, please contact us at info@integrigy.com
-Michael Miller, CISSP-ISSMP, CCSP, CCSK
Reference
- Oracle E-Business Suite Mobile and Web Services Security - Integrigy Whitepaper
- Oracle E-Business Suite Mobile and Web Services Security - Integrigy Webinar
- Oracle E-Business Suite Release 12.2 Configuration in a DMZ (Note 1375670.1)