Oracle released the quarterly critical patch updates on April 16th, 2019. Only one week later, a zero-day vulnerability was identified by the KnownSec-404 security team. The vulnerability exists in Oracle WebLogic Server, has been labeled CVE-2019-2725, and is also reported by the BSI (Bundesamt für Sicherheit in der Informationstechnik, Zero-Day-Schwachstelle in Oracle WebLogic Server, 25.04.2019). Affected modules for this vulnerability are the wls9_async_response package with its components wls9_async and wls-wsat. With the help…
Hello community, for a given occasion I would like to say a few words about Oracle DBSAT – Database Security Assessment Tool. A…
Who still talks about software licenses today, in the age of open source, digitalization and cloud? Well, for the future, that may…
WS-Security Username Token Profile is a simple authentication scheme for SOAP web services using a username and password sent in the requests' WS-Security headers. The password is hashed using a salt and a timestamp (password digest) to prevent replay attacks. It is specified in this document. As this does not involve any message encryption, it should not be used without transport encryption.
In this post I will show how I configured this for a web service to be deployed on a recent WebLogic Server (12.2.1.2).
If you try to implement the client side of an HTTPS communication with client authentication in Java and google for…
Inside an enterprise there are a lot of machines communicating with each other. It is necessary to keep these communications…
Most bigger companies today are building up an enterprise SOA. One of the key characteristics of the enterprise SOA is…
When developing enterprise applications, it is best practice to check the source code into a version control system. In addition to…