Some customers have conducted Penetration Tests (PenTests) using their own tools to determine if BITeamwork meets certain standards of the IT security organization.
Customer will only receive few warnings using a PenTest tool but there should be no breaches or errors in our BITeamwork solution.
NOTE: This may also help to conclude any issues you PenTest describes for XSS.
For customers needed to completely resolve or under better the BITeamwork CORS process, it is used by BITeamwork to aid with remote server communications and this include servers within the company's own network depending on their configuration for OBIEE. Some clients have multiple load balancers, VPNs, or Web Tiers with Reverse Proxies and BITeamwork accounts for that in its default deployment with CORS enabled and setting the origin URL/URIs to an asterisk (*) for all access to the BITeamwork API.
The attached document provides a review of how your organizations OBIEE Administrator and Knowledgeable network admin penetration testing team can see how CORS can be updated or removed from BITeamwork on your OBIEE implementation of BITeamwork.
[See Attached File to this Article]