How to Secure Oracle WebLogic 12c
4.5 (108 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
867 students enrolled

How to Secure Oracle WebLogic 12c

A best practices guide to deploying Oracle WebLogic to a production environment.
4.5 (108 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
867 students enrolled
Created by Chris Parent
Last updated 4/2016
English [Auto]
Current price: $47.99 Original price: $79.99 Discount: 40% off
2 days left at this price!
30-Day Money-Back Guarantee
This course includes
  • 3.5 hours on-demand video
  • 1 downloadable resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Securely install WebLogic
  • Create delegated administrators
  • Define password policies
  • Prevent Denial-of-Service attacks
  • Prevent brute force dictionary attacks
  • Encrypt network traffic using SSL
  • Patch WebLogic
  • Use domain administration ports
  • A server or workstation with elevated priveleges
  • Linux/Unix environments are prefered, but Windows is supported
  • Oracle JDK 1.7 or 1.8 installed
  • WebLogic 12.1.3 Generic Installer downloaded, but NOT installed. We will cover this in the lab.
  • Basic understand of networks and SSL

This course introduces the student to some best practices for installing and securing Oracle WebLogic in production environments. There are many differences between Development and Production environments which this course will highlight.

This course is targeted at IT professionals, systems administrators, DevOps engineers, and architects who need to understand and deal with network, information, and application security. The course assumes a beginner to intermediate knowledge of Oracle WebLogic. Prior experience with installation and administration, either hands-on or conceptually is highly recommended.

The course is organized into a series of video lectures followed by a hands-on tutorial. This course comes with a detailed Lab Guide that you can use at home or work.

As an Architect during the day, I am responsible for ensuring that any solutions or services that are deployed to production are architected and deployed in a secure manner. Security is of the utmost importance and it should be yours too.

If you have enterprise deployments of WebLogic in production and you are responsible for how these systems are deployed and secured, then this course will help you understand where to start with securing WebLogic.

Security is a broad and deep topic. This course does not attempt to cover every possible security topic related to WebLogic, however. This course does attempt though to cover what I feel are some of the most important aspects of securing a deployment.

Who this course is for:
  • This course is intended for anyone interested in Weblogic security best practices. This course assumes a basic understanding of Oracle Weblogic with some familiarity with installing and using the administration console.
  • This course is geared mostly toward system administrators, DevOps engineers, and architects.
Course content
Expand all 38 lectures 03:33:07
+ Welcome to Oracle WebLogic Security
2 lectures 10:53

Just an introduction to the course. I'll go over course objectives, ask some questions, and give a brief introduction of my self.

Preview 06:41

This video will go over the lab guide and how you should use it. This is also where you will download the lab guide.

The Lab Guide
+ Lecture #1 - Secure Installation
5 lectures 37:15

This lecture will discuss how to prepare the OS and environment for a production install of Oracle WebLogic. I will go over the installation process and discuss what components should be removed from WebLogic.

Preview 11:47

This lab goes over preparing your production environment.

Preview 06:58

This lab walks through installing WebLogic and removing components not safe for production. 

Lab 1.2 - Installing WebLogic

This lab walks through patching a WebLogic installation.

Lab 1.3 Patching

This lab shows you how to rollback a patch.

Lab 1.4 Patch Rollback
+ Lecture #2 - Domain Security
12 lectures 47:52

In this lecture you will learn the differences between production and development domain modes. 

Tip #1 - Production Mode

This lecture discusses delegated administration and its uses.

Tip #2 - Delegated Administration

This lecture will discuss how to define a password policy using the default password validator.

Tip #3 - Passwords

This lecture will discuss how to configure user login timeouts, retries, and lockouts to prevent brute force and dictionary attacks.

Tip #4 - User Lockout

This lecture discusses how to audit security events in WebLogic using the Default Auditing Provider.

Tip #5 - Auditing

Learn how to enable trust between two WebLogic domains using Cross Domain Security.

Tip #6 - Cross Domain Security
Lab 2.1 - Create Domains
Lab 2.2 -
Lab 2.3 - Admin Console
Lab 2.4 - Delegated Administration
Lab 2.5 - Password Policy
Lab 2.6 - Auditing
+ Network Security
6 lectures 34:37

In this lecture I discuss deploying WebLogic in a multi-tiered network architecture, including using firewalls and access control lists to restrict network traffic in a WebLogic environment. 

Tip #1 - Secure Network Architecture

Learn how to prevent Denial of Service attacks by setting message size limits and network timeouts. 

Tip #2 - Denial of Service Attacks

In this lecture I discuss how to use connection filters to filter traffic based upon port and protocol.

Tip #3 - Connection Filters

This lab will show you how to view what ports are open on your system and identify what ports WebLogic has open. 

Lab 3.1 - Discover open ports

In this lab you'll learn how to configure a connection filter to restrict network traffic. 

Lab 3.2 - Connection Filters
Lab 3.3 - Denial of Service
+ Network Security - SSL/TLS
11 lectures 01:13:24
SSL/TLS Overview

In this lecture I provide an overview of SSL/TLS and get into describing identity and trust as it pertains to WebLogic. 

Identity and Trust

In this lecture I describe how SSL is configured for WebLogic.

Configuring SSL

In this lecture I discuss how to debug SSL using JVM flags.

Debugging SSL

In this short lecture I summarize Network Security. 

Summary and Lab Overview
Lab 4.1 - Create Identity and Trust
Lab 4.3 Configure Identity and Trust for WebLogic
Lab 4.4 - Configure SSL
Lab 4.5 - Debug SSL
Lab 4.6 - SSL for NodeManager
Lab 4.7 - SSL Protocols and Cipher Suites
+ Administrative Security
2 lectures 09:06

In this lecture I discuss how to segregate and protect administrative traffic from non-administrative traffic using dedicated administration ports. 

Administration Ports

In this lecture I discuss how to use a secure key to authenticate WLST scripts against WebLogic.

Plaintext Passwords