Skip to main content

Posts Tagged ‘WebLogic Server’

ESS Health Check Fails or Application Stripe ESSAPP is missing

Usually the Enterprise Scheduler Service (ESS) Health Check fails if the Application Stripe ESSAPP is missing. To know, if the Application Stripe does exist, please do the following: 1. Go to EM 2. Go to Domain > Security > Application Roles Click on Application Stripe drop down list If the ESSAPP is missing in the […]

Oracle and Announce New Strategic Partnership

Today Oracle and unveiled the forging of a new partnership that will align their cloud operations and provide customers flexible application integrations and rapid low-cost implementations. Both Companies Agree to Integrate and Oracle Clouds From Oracle OPN Press Release, Redwood Shores, Calif. – June 25, 2013 [NYSE:CRM] and Oracle [NASDAQ:ORCL] announced today a comprehensive […]

Securing Oracle WebLogic Server – The Hack Patch

Before I start, it is important to understand Oracle’s license terms. It is not uncommon to download Oracle products from the Oracle Technology Network (OTN). Here’s an extract from the Oracle Technology Network Free Developer License Terms “You may not cause or permit reverse engineering (unless required by law for interoperability), disassembly or decompilation of […]

Securing Oracle WebLogic Server – Ethical Hacking?

2013/05/21 Update: I made a correction to specify that AES uses a cipher key and not an initialization vector (more information on AES can be found here). Some may have positive reactions while others may have negative ones with the title of this post. The Securing Oracle WebLogic Server series was building up to this […]

Securing Oracle WebLogic Server – Configure

The next step after installing the software consists of creating the WebLogic domain. Before we do, as stated in the pre-installation posts, following OA&M best practices, application and user data must be separate from software products. The WebLogic domain could easily be created in the /var hierarchy on Linux or within the home or user […]

Securing Oracle WebLogic Server – Install

This post discusses the actual installation of WebLogic Server. Generally speaking, the installation of Oracle WebLogic Server, in reality, involves installing two software products: Java – typically a Java software development kit (SDK) – and WebLogic Server. In a secured deployment, I will install the Java SDK in the same location as WebLogic Server. On […]

Securing Oracle WebLogic Server – Pre-Install (Part 2)

This post continues where we left off in discussing the pre-installation tasks of Oracle WebLogic Server. 1) Operating System Firewall Most operating systems include a (software) firewall. The existence of the Windows firewall and Linux firewall (a.k.a. iptables) are common knowledge. Just in case, here are some articles for Solaris and AIX: Setting up a […]

Securing Oracle WebLogic Server – Pre-Install (Part 1)

This post discusses the tasks for preparing the operating system before installing WebLogic Server. 1) Validate Operating System The very first thing to do is to validate that the latest critical updates and patches are applied. Everyone talks about it. However, breaches occur regularly because it is not done. I recommend manually running the process […]

Securing Oracle WebLogic Server – Roadmap

This is the second in a series of posts, as the title implies, that focuses on securing Oracle WebLogic Server. This software product is a full fledge Java Platform, Enterprise Edition (Java EE). Thus, this series is about technology, right? Yes, it will be primarily focused on technology. However, we have to consider information security […]

Securing Oracle WebLogic Server – Introduction

I have been working with Oracle WebLogic Server for quite some time. I can count on my hands the number of deployments where security was a concern. This is a first post of a series that focusses on securing WebLogic Server. This series is inspired by the work I am currently doing with a client […]