Skip to main content

OWASP Top 10 Vulnerabilities in ADF

By

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

OWASP publishes a list of top 10 critical web application security vulnerabilities identified each year. 
For more information on OWASP Click here

To mitigate the OWASP Top 10 Security Vulnerabilities Oracle has provided a white paper. In this paper you can see what the vulnerabilities are and how we can protect those. The provided document is to help developers that know security identify tools and features in Oracle ADF that they can use to implement application security. This paper does not replace a formal code review process.
Click on the below link to open the white paper.
oracle white paper
Oracle white paper

For latest information go for the adf in oracle site and click on the highlighted link





Comments

Post a Comment

Popular posts from this blog

The file store "WLS_DIAGNOSTICS" could not be opened

By
WLS_DIAGNOSTIC ERROR weblogic.store.PersistentStoreException: [Store:280073]The file store "WLS_DIAGNOSTICS" could not be opened because it contained a file with the invalid version 1. A file of version 2 was expected. When you get this error while running your application on internal weblogic server delete the following file WLS_DIAGNOSTICS000000.DAT search the file in following path C:\jdev_work\system11.1.1.5.37.60.13\DefaultDomain this file is in DefaultDomain folder of your jdev. and delete the WLS_DIAGNOSTICS000000.DAT file . and run your applicatuon
1 comment
Read more

Passivation and Activation in ADF (Application Module )

By
1. For performance reasons, ADF keeps a pool of application modules in memory. It tries to give each session the same application module as the session used during the last request; however, this might not be possible during peak load of your application. 2. In this case, ADF saves the application modules state in a database table so the application module can be used by another session. This is called passivation . 3. When the first session needs the application module again, its state is retrieved from the database process known as activation . 4. If you have made an error in your code and depend on some variable that is not persisted correctly when your application module state is stored, you will experience mysterious errors under high load.   Enable/Disable Application Module Pooling : Right-click on your application module, choose Configurations.By default, each application module has two configurations. Ensure that the one ending in …Local is selected and then c...
1 comment
Read more

Overview Editor for bc4j.xcfg

By
This is used to customize the configuration settings for the application pool, connection pool, and transactions. Select the Application Module, then select a configuration from the Configurations list. You can specify a Default Configuration from the dropdown to use with selected application module. Edit the name of the configuration in Details. Its having 3 tabs 1.Database and Scalability 2. Properties 3. Custom Properties Database and Scalability Tab : In Database and Scalability you can mention the JDBC data source definition for each application module. You can choose to connect to a JDBC data source or to a JDBC URL.The default connection type is the default data source. A data source is a vendor-independent encapsulation of a database server connection on the application server. 1. Data sources ( JNDI name) offer advantages over a JDBC URL connection because the data source can be tuned, reconfigured, or remapped without changing the deployed application. 2. JDB...
4 comments
Read more