Comments
-
As noted from prior discussions, "fixed" is an inappropriate term. The 500 response code will be changed to a 404 on Friday, December 5. This should cause McAfee scanner to cease its False Positive reporting of the issue. It is notable that the 500 response does not come from Oracle Application server, nor does it have…
-
NetSuite has released an update to address a potential vulnerability on the Employee Center Track Time page. The Track Time page exposed a vulnerability due to inadequate checking of parameters passed via the Customer:Job field. An attacker with access to the creation of Customers in a NetSuite account may have been able…
-
Andrew, Thank you for the notification. The case contains all the required information to reproduce and address this issue. This looks like a valid concern on the page you provided and is being given due attention. Chris Blum NetSuite
-
Last week NetSuite determined that there is no vulnerability. As a point of closure, I'd like to post ScanAlert's conclusion based on the investigation NetSuite performed and the information we provided to ScanAlert: "We are constantly improving our scanner to help keep your site secure. This new test has found several…
-
NetSuite never disregards vulnerability assertions from the scanning vendors that our customers employ. We evaluate every assertion and determine if it is valid. Valid vulnerabilities receive TOP priority. ScanAlert is an automated system that tries to apply standard tests to all webstores and attempts to read the results…
-
I was instrumental in the design of the "Allow Support Access" Permission and I manage system access for the set of people who are able to debug issues in accounts where that Permission is enabled. I’d like to provide some clarification on the questions raised. As a security professional, I greatly respect healthy…
-
The user created a Customer Center role in July for one company. Then, his current company created a new role for him in NetSuite and he set the password to the same value that he had used for the prior Customer Center role. When he logged in, we automatically take you into the role into which you most recently logged.…
-
I'll answer the questions under the assumption that you're interested in the NetSuite application. 1. What is your protection against DoS attacks? NetSuite provides multiple layers of redundancy at the network layer (including pipes and switches), at the load-balancing layer, and at the web server layer to minimize the…