Recommended Best Practices for Securing WebLogic Server.

Disable SSL V2, Weak Ciphers, and Null Encryptions

You can use the following jvm options to disable Weak Ciphers.

-Dweblogic.security.SSL.allowUnencryptedNullCipher=false
-Dweblogic.security.disableNullCipher=true

Steps to disable SSL V2 follows later.

Use Secure Cookies to Prevent Session Stealing

Please refer to this article : link

Configure WebLogic Server to use a Specific Cipher Suite or a List of Ciphers

Please refer to this article : link

-Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5

Restrict the SSL Protocol Versions Allowed by WebLogic Server

Please refer to this article : link

You should also allow only the required http methods ( GET/POST) to access the resource on the server. You can restrict other methods from the web.xml

Refer this

Leave a Reply