Oracle PeopleSoft Security Audit

Why would you need Oracle PeopleSoft Security Audit or Assessment?

Oracle PeopleSoft software combines multiple features to address such vital lines of businesses as supply chain, human resources, supplier relationship management and much more. 6000+ customers worldwide have installed this software (57 % of Fortune 100 list). 20+ million employees use this software on daily basis.

A significant number of vulnerabilities revealed in this software by different researchers proves that it is possible for a third party to gain control over it, obtain mission critical data, be it social security numbers or HR, supplier and even credit card data. There are real examples of data breaches caused by vulnerabilities in Oracle PeopleSoft applications: in 2007 two California men were charged with hacking state university’s PeopleSoft system to fix their grades. Similarly, in 2012 University of Nebraska (UNL) officials have identified an undergraduate student who hacked into a system-wide database containing over 650,000 personal records of students.

How can we help with PeopleSoft Security Assessment?

We offer Oracle PeopleSoft Security Audit and Oracle PeopleSoft penetration testing services, aimed to show you the system as seen by an attacker. Penetration tests reveal insecure configuration and verify reliability of implemented security measures. Penetration tests serve to check for potential system breaches that most attackers rely on to get access to business-critical data, which can then be used for espionage, fraud or sabotage purposes. We employ qualified penetration testers who are highly experienced in assessing security of large enterprise business applications and ERP systems such as Oracle PeopleSoft. Our expertise when shared seems to give excellent results.

This service is intended for you if you understand the importance of improving security of PeopleSoft applications and want to demonstrate to the management board the possible attack consequences. In case you have already implemented some security controls for your system and want to make sure they are effective, this service will also suit you.

What do we do while auditing PeopleSoft system?

The process of penetration testing is very intelligent as every time our team selects different ways according to the best practices depending on your company type, industry, implemented solutions and architecture.

The scope of work includes:

  • Identification of most critical vulnerabilities in Oracle PeopleSoft and its components (Oracle database, Oracle Weblogic server, Oracle Tuxedo etc) by blackbox scan;
  • Exploitation of discovered vulnerabilities;
  • Gaining access to applications and escalating privileges;
  • Decryption of user passwords and testing them on other systems;
  • Post-exploitation and gathering data to break into interconnected systems.
  • Identification of external interfaces any other systems that can be used to exploit the target system;
  • Gaining access to business-critical data;

Upon completion you will be issued a report containing:

  • List of vulnerabilities and misconfigurations;
  • Real attack vectors describing how your system can be attacked;
  • Business risks related to exploitation of vulnerabilities;
  • Detailed recommendations for vulnerability patching;
  • Security guidelines for general system configuration;

Why us?

Are you looking for professional services at conducting security research of Oracle business application security security on daily basis? Are you responsible for security assessment for your Oracle System? Professionals who know ways how to protect your systems from known and potential threats? ERPScan experts were the first to publicly present research talks devoted to Oracle PeopleSoft security at the BlackHat conference in 2013. In 2014 we delivered the first and the only training on PeopleSoft security at BlackHat conference in LasVegas. In 2015 ERPScan researchers identified most critical vulnerability “TokenChpoken” in PeopleSoft, affecting 50% of large enterprises. ERPScan experts were acknowledged by Oracle 16 times from 2008 for identifying 40+ vulnerabilities in Oracle PeopleSoft applications. We are esteemed professionals who have the necessary expertise and qualifications, backed by 400+ vulnerabilities identified in the products of such companies as Oracle, SAP, IBM, HO, Microsoft, Apple, Google and Siemens, to name a few. ERPScan Research experts presented their talks about the newly discovered vulnerabilities on 70+ conferences worldwide.


“Oracle provides recognition to people that have contributed to our Security-In-Depth program. Oracle recognizes Alexander Polyakov from ERPScan for contributions to Oracle’s Security-In-Depth program.” Oracle

Interested? Request demo now

Contact us today.

Select your country:

Subscribe me your to mailing list