Identity and Access Management, Identity Governance

OMSS  Oracle Mobile and Social Service What is Oracle OMSS? Oracle Mobile and Social Service also called Oracle M&S is the OAM 11gR2PS3 version.  Prior to version 11.1.2.3, Mobile and Social Services was named Mobile Services.   OMSS provides two things - Mobile Services and Social Identity services Mobile Services connects applications and devices to the enterprise Access Management and Identity Management services available in the Oracle Identity Access Management product suite. This makes it easy to utilize sophisticated authentication and authorization services functionality (such as mobile device and application registration, and device fingerprinting) to restrict access to authorized devices only. Client applications can also implement knowledge-based authentication, a powerful feature that goes beyond basic password-based authentication. Mobile Services can be configured to require a valid device and client credential and a User Token with each application token reques

Before you begin installation of Oracle IAM  - Oracle Access Manager, Oracle Identity Manager etc, always start with Certification matrix. Check the below certification matrix for your version Oracle IAM   Certification matrix for Oracle Identity and Access Management For 11.1.2.2        For 11.1.2.3 Oracle IAM has several components - OAM     -  Oracle Access Manager OIM       -  Oracle Identity Manager OAAM   -  Oracle Adaptive Access Manager OMSS    -  Oracle Mobile Security Suite OES        -  Oracle Entitlement Server OPAM    -   Oracle Privileged Account Manager Below are some good links to installation and configuration of Oracle IAM. Install and configure OAM 11.1.2.3 (Oracle docs) Quick installation guide for OAM 11.1.2.3 Installation of OAM 11.1.2.3  (provides all steps with screenshots) Installation of OIM 11.1.2.3

Pen Tests should be part of your SDLC. Not only does it help in finding bugs early on in the software development life cycle, it also helps in reducing cost of fixing bugs and vulns later in the software release cycle. Why Should You Make Penetration Testing a Part of the SDLC? (Original article from  https://www.stickman.com.au/why-penetration-testing-must-be-part-software-development-lifecycle/ ) Making penetration testing an integral part of your software development lifecycle ensures that the end product turns out to be safe and secure for your customers. What normally happens is that a product is first developed and then at the end, a security assessment is conducted to check for vulnerabilities. The issues are usually fixed with a patching software, but this turns out to be much more costly than addressing the real issue. If issues are fixed during the software development process, much of the costs can be reduced by avoiding multiple cycles of testing–patching–retesting