Preface

This guide provides security-related usage and configuration recommendations for Oracle Banking Branch. It may outline procedures required to implement or secure certain features. This guide is not for general-purpose configuration.

Audience

This guide is primarily intended for developers of Oracle Banking Branch and of third-party or vendor software. Some information that may be relevant to IT decision-makers and users of the application is also included.

Note:

Readers are assumed to possess basic operating system, network, and system administration skills, with an awareness of vendor/third-party software and knowledge of the Oracle Banking Branch application.

Conventions

The following text conventions are used in this document:

| Convention | Meaning |
| --- | --- |
| boldface | Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. |
| italic | Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. |
| monospace | Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. |

Scope

The scope of this guide is as follows:

Table - Scope

| Scope | Description |
| --- | --- |
| Read Sections Completely | Each section should be read and understood completely. Instructions should never be blindly applied. Relevant discussion may occur immediately after instructions for action, so be sure to read whole sections before beginning implementation. |
| Understand the Purpose of this Guidance | The purpose of the guidance is to provide security-relevant code and configuration recommendations. |
| Limitations | This guide is limited in its scope to security-related guidelines for developers. |

Acronyms and Abbreviations

The following acronyms and abbreviations are used in this guide:

Table - Acronyms and Abbreviations

| Acronym/Abbreviation | Description |
| --- | --- |
| AES | Advanced Encryption Standard |
| API | Application Programming Interface |
| ASCII | American Standard Code for Information Interchange |
| CSRF | Cross-Site Request Forgery |
| ECC | Elliptic Curve Cryptography |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| JPQL | Jakarta Persistence Query Language |
| JWT | JSON Web Token |
| LDAP | Lightweight Directory Access Protocol |
| OJET | Oracle JavaScript Extension Toolkit |
| OWASP | Open Web Application Security Project |
| PCI | Payment Card Industry |
| SHA-1 | Secure Hash Algorithm 1 |
| SMS | Security Management System |
| SMTP | Simple Mail Transfer Protocol |
| SQL | Structured Query Language |
| SSL | Secure Sockets Layer |
| TDES | Triple Data Encryption Algorithm |
| XSS | Cross-Site Scripting |

List of Topics

This guide is organized into the following topics:

Table - List of Topics

| Topics | Description |
| --- | --- |
| Securing API Services | This topic provides information about securing API services. |