Security Testing of Oracle Interfaces using MFT process


Security Testing of Oracle Interfaces using MFT process Swikruti Mohapatra, Sowmya Narayanarao & Vinay Kammar | FAI

Abstract
This presentation outlines the security features of MFT and how they help in security testing. Security testing is a testing technique to determine whether an information system protects data and maintains functionality as intended.

Overview of Oracle MFT:
- Oracle Managed File Transfer (MFT) is a high-performance, standards-based, end-to-end managed file gateway, designed from the bottom up to make it easy for organizations to manage, monitor and secure file transfers.
- It protects against inadvertent access to unsecured files at every step in the end-to-end transfer of files.
- This presentation outlines how we can achieve greater agility and accelerate DevOps QA strategy.

Oracle MFT and Security features:
Oracle Managed File Transfer (MFT) enables secure file exchange and management with internal departments and external partners. You can protect data in your DMZ by using the SSH/FTP reverse proxy. The MFT console includes transfer prioritization, file encryption, scheduling, and embedded FTP and sFTP servers. Security is maintained with security policies such as OWSM (Oracle Web Services Manager).

KEY FEATURES:
- End to End Auditability, Control and Reporting
- Built-in Security, Identity management, LDAP and PGP encryption
- Compression, Scheduling and fully extensible file handling framework
- Extensive endpoint support: embedded SSH, FTP, File, SOAP
- Very well Integrated with SOA and B2B
- Highly available and clustered including a DMZ reverse proxy
- Protects files with end to end security
- System consolidation, cost savings and multi-platform
- Enables cloud adoption for large files

Oracle Managed File Transfer Process
You can perform various operations, such as scheduling, file encryption, resubmitting transfers, purging data, and many more, by using Oracle Managed File Transfer.

Oracle Managed File Transfer lets you perform the following operations during the transfer process:
- Scheduling
- Resubmitting
- Attaching inline or referencing
- Compression and decompression
- Encryption and decryption
- Archiving, renaming, and deletion
- Purging transfer instances and files
- Pausing and resuming
- Securing with OWSM policies

Oracle Managed File Transfer Architecture
The main components of Oracle Managed File Transfer include configuration data, the user-interface console, embedded FTP and sFTP servers, security, and interfaces to various types of file transfer endpoints. Oracle Managed File Transfer can consist of multiple managed servers that provide high availability.

Figure: Oracle Managed File Transfer Architecture

Attributes of security testing:
- Authentication: The origin of the application and its data is genuine.
- Authorization: Specific users should only get access to authorized functions.
- Confidentiality: Data/information is secure from theft.
- Integrity: The application and its data are not altered over time or during transmission.
- Non-repudiation: Guarantee that the sender and receiver of information cannot deny having sent or received the data.

In the end, security testing makes applications reliable and minimizes the risk of theft or misuse of confidential data.

The goal of security testing is to identify the threats in the system and measure its potential vulnerabilities. It also helps in detecting all possible security risks in the system and helps developers fix these problems through coding.

We deliver several benefits through our Security Testing Service:
- Testing focused on the business priorities to ensure business runs as usual
- Reduced spend on managing breaches and their consequences
- Enhanced ability to collaborate with external sources (vendors, developers, customers)
- Security Audit

Security testing control and scope in Oracle using MFT:
- Oracle MFT has a built-in email notification/alert feature for different kinds of events, which keeps the system secured and the users informed of any data transfer. It also raises an alert in case of any failed transfer. Notifications can be tailored to notify users as part of security business requirements.
- MFT provides a huge benefit in security audit, as it provides detailed information on each transfer, including file name, partner name, endpoint name, transfer status, and compression or encryption. It keeps records of all actions on the servers, which can be used for troubleshooting or turned in for audits, where a company is required to prove that it has displayed adequate accountability for its data.
- High level of security using LDAP and PGP encryption

Encryption and Decryption process
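A confidentiality test case for this step, written here as an added example (it is not part of the original slides and does not use any Oracle MFT API): given the bytes of files picked up at a target endpoint, it checks whether each one starts with an OpenPGP encryption packet, binary or ASCII-armored. The file names, the sample bytes and the assumption that every delivered file must be PGP-encrypted are constructed for illustration.

```python
import base64

# OpenPGP packet tags (RFC 4880, section 4.3) that open an encrypted message.
ENCRYPTED_TAGS = {1, 3, 9, 18}   # PKESK, SKESK, encrypted data, integrity-protected data
UNENCRYPTED_TAGS = {8, 11}       # compressed data, literal data
ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"

def first_packet_tag(data: bytes):
    """Return the tag of the first OpenPGP packet, or None if not a packet header."""
    if not data or not data[0] & 0x80:   # bit 7 is set in every packet header
        return None
    if data[0] & 0x40:                   # new-format header: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F         # old-format header: tag in bits 5-2

def dearmor(data: bytes):
    """Decode the base64 body of an ASCII-armored message; None if malformed."""
    lines = [ln.strip() for ln in data.strip().splitlines()]
    if b"" not in lines:                 # a blank line must end the armor headers
        return None
    body = [ln for ln in lines[lines.index(b"") + 1:]
            if ln and not ln.startswith((b"=", b"-----"))]  # skip CRC and END lines
    try:
        return base64.b64decode(b"".join(body), validate=True)
    except ValueError:
        return None

def classify(data: bytes) -> str:
    """Return 'encrypted', 'pgp-unencrypted' or 'not-pgp' for delivered content."""
    if data.lstrip().startswith(ARMOR_BEGIN):
        data = dearmor(data) or b""
    tag = first_packet_tag(data)
    if tag in ENCRYPTED_TAGS:
        return "encrypted"
    return "pgp-unencrypted" if tag in UNENCRYPTED_TAGS else "not-pgp"

def failing_files(files: dict) -> list:
    """Names of files that would fail the confidentiality test case."""
    return sorted(name for name, data in files.items() if classify(data) != "encrypted")

# Constructed sample content (not real transfers): packet headers plus filler bytes.
SAMPLES = {
    "payroll.csv.pgp": b"\x85\x01\x0c" + bytes(12),            # old-format tag 1
    "invoices.csv": b"invoice_id,amount\n1001,250.00\n",       # cleartext CSV
    "ledger.dat.pgp": b"\xcb\x10b\x00" + bytes(12),            # literal data only
}
```

Calling `failing_files(SAMPLES)` lists the two files that are not encrypted. The check reads only the first packet header, so a full test would also decrypt each file with the test key and compare it to the source.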

MFT Process used in FAI
MFT helps to automatically send/receive files to/from a third party without any manual intervention. It transfers files from the Oracle outbound directory to the third-party server, or from the third-party server to the Oracle inbound directory. It picks up a file as soon as it arrives at the location and transfers it to the third party, and it can be scheduled to process files as per business requirements.

Figure: Process flow of Outbound interface


Author Biography
- Qualification: B.Tech
- Total 4 years of experience in the IT industry
- 2.5 years of work experience as an Oracle apps Consultant across PTP and Financial modules. Work responsibilities included critical batch monitoring and working on priority Oracle SRs to provide customer solutions.
- Currently working as a QA Engineer with responsibilities of writing test scenarios, developing automation test scripts using OATS, and end-to-end testing across Oracle modules.

Q & A
