You need to ensure the following.

• Enable SSL, but avoid using Demonstration Certificates
  
• Enforce Security Constraints on Digital Certificates
  
• Ensure that Host Name Verification is Enabled
  
• Impose Size and Time Limits on Messages
  
• Restrict the Number of Open Sockets
  
• Configure WebLogic Server to Manage Overload
  
• User Lockouts and Login Time Limits
  
• Enable Configuration Auditing
  
• System Administrator Accounts
  
• Set up Secure Flag for Cookies