Applications Security

Get Involved. Join the Conversation.

Topic

    Orrin Char
    Expose all URLs accessed by users for use by external...
    Topic posted April 4, 2019 by Orrin CharGreen Ribbon: 100+ Points, tagged Financials, HCM, Public Sector, Security 
    73 Views, 2 Comments
    Title:
    Expose all URLs accessed by users for use by external security products, e.g. CASB
    Summary:
    Compliance sometimes requires alerts or analytics on specific user access behaviors, esp pages with sensitive information
    Content:

    New regulations require not only changes to sensitive information (monitored by Oracle CASB), but also views of sensitive information.  This kind of information is tracked in OAM (SAML Service Provider for Fusion Cloud) for authorizations, and could be filtered to ensure no sensitive information is exposed.  Lack of this feature could impact use of Fusion Cloud for entire countries in the near future.

    Comment

     

    • Orrin Char

      Feedback is that Fusion Cloud uses a fairly static URL, using a servlet to acquire and present content from the backend.  So, the OAM information will not be useful.  So, it seems that the audit code that currently tracks changes to sensitive information will need to have an option to track all accesses (including reads).

    • Rakesh Lathiya

      I don't see any option to do so. Please let me also know if you find anything on this. we are also looking for this.