Skip to main content

Cloud

Securing Oracle WebLogic Server – Introduction

I have been working with Oracle WebLogic Server for quite some time. I can count on my hands the number of deployments where security was a concern. This is a first post of a series that focusses on securing WebLogic Server. This series is inspired by the work I am currently doing with a client in the retail industry. The client has two primary concerns, namely Personally Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI DSS) compliance. More specifically, Oracle Fusion Middleware (FMW) products such as WebLogic Server, SOA Suite and Oracle Service Bus may be used to process and transport this type of data.

There is plenty of information on securing WebLogic Server out there. Why am I blogging on this topic you may ask? One, I believe there are a lot of poor practices when it comes to information security. I am a big believer that securing WebLogic Server has to be approached holistically. I will start from the installation, and build from there all the way to operations, administration and management (OA&M). Two, what you will find in these posts are actual strategies I am helping real clients implement. If they are concerned about information security why shouldn’t you? Three, soon WebLogic Server will be the foundation for many of Oracle’s products. You would be surprised of how quickly a disgruntled employee could literally breach a WebLogic Server environment. Would you want them to exploit this to gain access to other applications, custom developed or commercial off the shelf (COTS) products? In my next post, I will provide a roadmap for this series. In other words, I will provide a list of the topics I intend to cover in the short term.

In closing, as advised by Gideon T. Rasmussen, in his article Implementing Information Security: Risks vs. Cost, a healthy dose of paranoia may be warranted here. Paranoia is definitely on the menu!

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Alan Belisle

Alan Belisle is a solution architect within the Emerging Platform Solutions (EPS) National Business Unit (NBU). He is responsible for providing subject matter expertise on Oracle Fusion Middleware products and business integration practices such as Service-Oriented Architecture (SOA), Business Process Management (BPM), Event-Driven Architecture (EDA), Complex Event Processing (CEP), Master Data Management (MDM) and Enterprise Application Integration (EAI). Alan has more than 22 years of IT experience, with 17 years of technology consulting experience working with Fortune 500 and small business clients, and state and federal agencies. He holds a Bachelor of Science in Computer Science from Universite de Sherbrooke in Canada, and is currently completing his Master of Science in Managing Innovation and Information Technology at Champlain College in Burlington, VT.

More from this Author

Categories
Follow Us
TwitterLinkedinFacebookYoutubeInstagram