The following principles are fundamental to using any application securely:

• Keep software up to date. This includes the latest product release and any patches that apply to it.
• Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.
• Monitor system activity. Establish who should access which system components, and how often, and monitor those components.
• Install software securely. For example, use firewalls, secure protocols such as SSL and secure passwords.
• Learn about and use the Converged Application Server security features. See Converged Application Server Security Concepts for additional overview information on Converged Application Server security features.
• Use secure development practices. For example, take advantage of existing database security functionality instead of creating your own application security.
• Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible.

  Note:

  The Converged Application Server is built upon both Oracle WebLogic Server and Oracle Coherence. Customers must stay up-to-date and apply all security patches for both Oracle WebLogic Server and Oracle Coherence.
  See the “Critical Patch Updates and Security Alerts" Web site:

  https://www.oracle.com/security-alerts/