Information Security | Oracle
Oracle Blog

Posts Tagged ‘Information Security’

Securing Oracle WebLogic Server – The Hack Patch

Before I start, it is important to understand Oracle’s license terms. It is not uncommon to download Oracle products from the Oracle Technology Network (OTN). Here’s an extract from the Oracle Technology Network Free Developer License Terms “You may not cause or permit reverse engineering (unless required by law for interoperability), disassembly or decompilation of […]

Read more

Securing Oracle WebLogic Server – Ethical Hacking?

2013/05/21 Update: I made a correction to specify that AES uses a cipher key and not an initialization vector (more information on AES can be found here). Some may have positive reactions while others may have negative ones with the title of this post. The Securing Oracle WebLogic Server series was building up to this […]

Read more

Securing Oracle WebLogic Server – Configure

The next step after installing the software consists of creating the WebLogic domain. Before we do, as stated in the pre-installation posts, following OA&M best practices, application and user data must be separate from software products. The WebLogic domain could easily be created in the /var hierarchy on Linux or within the home or user […]

Read more

Securing Oracle WebLogic Server – Install

This post discusses the actual installation of WebLogic Server. Generally speaking, the installation of Oracle WebLogic Server, in reality, involves installing two software products: Java – typically a Java software development kit (SDK) – and WebLogic Server. In a secured deployment, I will install the Java SDK in the same location as WebLogic Server. On […]

Read more

Securing Oracle WebLogic Server – Pre-Install (Part 2)

This post continues where we left off in discussing the pre-installation tasks of Oracle WebLogic Server. 1) Operating System Firewall Most operating systems include a (software) firewall. The existence of the Windows firewall and Linux firewall (a.k.a. iptables) are common knowledge. Just in case, here are some articles for Solaris and AIX: Setting up a […]

Read more

Securing Oracle WebLogic Server – Pre-Install (Part 1)

This post discusses the tasks for preparing the operating system before installing WebLogic Server. 1) Validate Operating System The very first thing to do is to validate that the latest critical updates and patches are applied. Everyone talks about it. However, breaches occur regularly because it is not done. I recommend manually running the process […]

Read more

Securing Oracle WebLogic Server – Roadmap

This is the second in a series of posts, as the title implies, that focuses on securing Oracle WebLogic Server. This software product is a full fledge Java Platform, Enterprise Edition (Java EE). Thus, this series is about technology, right? Yes, it will be primarily focused on technology. However, we have to consider information security […]

Read more

Securing Oracle WebLogic Server – Introduction

I have been working with Oracle WebLogic Server for quite some time. I can count on my hands the number of deployments where security was a concern. This is a first post of a series that focusses on securing WebLogic Server. This series is inspired by the work I am currently doing with a client […]

Read more

Perficient Oracle Blog

Perspectives and insights on how you can best leverage your investment in Oracle cloud and on-premises based solutions to enable your business optimization and drive growth.