This chapter provides an overview of the architecture of the deployment and describes the installation and configuration procedure for Oracle Banking APIs.

Please note that this is only a guide to securing the Oracle Banking APIs application and does not replace periodic reviews of the security architecture of the entire ecosystem of multiple applications maintained by the customer. The guidance provided in this document must always be augmented by specific understanding of the security considerations of the specific deployment architecture.

• Architecture Diagram
  
• Installing WebLogic
  
• Configuring SSL
  
• Disable SSLv3
  
• HTTP Response Header Configurations
  
• Cookie Attributes
  
• Password Policy Guidelines
  
• Configuring 2FA for login
  
• Configuring 2FA Attributes
  
• Choosing a non blocking PRNG
  
• Mobile App SSL Pinning Configuration
  
• Generating Security Keys
  
• API Rate Limiting Recommendations
  
• Host Header Injection Attack Recommendations