Steps to Implement SOA Purging in 12c Fusion: Shutdown SOA 12c Fusion domain (please follow sequence Managed servers, Admin Server, and Node Manager)Login to SOA 12c Fusion database as SYS and execute the following NOTE: SOAINFRA schema name could be different to what I am referring here as “SOAINFRA” GRANT ALTER SESSION TO SOAINFRA Ensure …
Slow HTTP Headers Vulnerability
During QUALYS Web Application Scanning of Oracle Fusion (Integration Layer), if one is facing the below security vulnerability, then follow the steps mentioned in the solution. ID and Name 150079 and Slow HTTP Headers Threat The web application is possibly vulnerable to "slow HTTP headers" Denial of Service (DoS) attack. This is an application-level DoS, …
OSB File Transport and Path Service Error Solution
Problem In a disaster recovery scenario, when a managed server that is configured as the primary node for the file transport-based proxy service goes down, due to some technical issue, then the file will go into error folder and hamper the processing of all the file transport-based services. Solution Login to OSB Console (sbconsole) with …
Continue reading "OSB File Transport and Path Service Error Solution"
OSB File Transport and Hash Member Error Solution
Problem In a disaster recovery scenario, when a managed server that is configured as the primary node for the file transport-based proxy service goes down, due to some technical issue, then the file will go into error folder and hamper the processing of all the file transport-based services. While processing a file via file transport-based …
Continue reading "OSB File Transport and Hash Member Error Solution"
New Composite Title Function in 12c
New Function in Oracle 12c In Oracle 11g, if one is defining the SOA instance title for a particular service/composite using function setCompositeInstanceTitle then they need to use setFlowInstanceTitle function in Oracle 12c, with a namespace as ‘oraext’. Syntax Difference: 11g: <extensionActivity> <bpelx:exec name="SetCompositeName" language="java"> <![CDATA[setTitle((String)getVariableData("compositeTitle"));setCompositeInstanceTitle((String)getVariableData("compositeTitle"));]]> </bpelx:exec> </extensionActivity> 12c: <extensionActivity> <bpelx:exec name="SetCompositeName" language="java"> <![CDATA[setTitle((String)getVariableData("compositeTitle"));oraext:setFlowInstanceTitle((String)getVariableData("compositeTitle"));]]> </bpelx:exec> …
Missing header Security Vulnerability
During QUALYS Web Application Scanning of User System - Oracle Fusion (Integration layer), if one is facing the below security vulnerabilities, then follow the steps mentioned in the solution. Vulnerability 1: ID and Name 150202 and Missing header: X-Content-Type-Options Threat The X-Content-Type-Options response header is not present. WAS reports missing X-Content-Type-Options header on each crawled …
Cookie Does Not Contain HTTPOnly Attribute Security Vulnerability
During QUALYS Web Application Scanning of user system like Oracle Fusion (Integration layer), if one is facing the below security vulnerability, then follow the steps mentioned in the solution. ID and Name 150123 and Cookie Does Not Contain The "HTTPOnly" Attribute Threat The cookie does not contain the "HTTPOnly" attribute. Impact Cookies without the "HTTPOnly" …
Continue reading "Cookie Does Not Contain HTTPOnly Attribute Security Vulnerability"
X-Frame-Options Header Security Vulnerability
During QUALYS Web Application Scanning of user system like Oracle Fusion (Integration layer), if one is facing the below security vulnerability, then follow the steps mentioned in the solution. ID and Name 150081 and X-Frame-Options header is not set Threat The X-Frame-Options header is not set in the HTTP response, which may lead to a …
Continue reading "X-Frame-Options Header Security Vulnerability"
Download Scan Report – QUALYS
How to export the Web Application Scan Report in Qualys? Step by Step Guide: Login to Qualys Portal and select Web Application Scanning on the right-hand side dropdown. Then Click on Scans and then again click on Scan List. Select the checkbox against your scan name which has got completed successfully Click on Report Now, …
Selenium Script – QUALYS WAS
Why Selenium Script in QUALYS Web Application Scan? The selenium script is an alternative way to authenticate the desired web application URL. In a scenario where your typical web application fails authentication due to continuous bombardment of WAS then one can use Selenium script as it gives a provision to wait for the stipulated timeframe …
SOA Solutions 