Oracle DMW Secure Development
This section provides an overview of the security options for customers who will use Oracle DMW user database accounts to access the Oracle DMW and Oracle LSH public views and Application Programming Interfaces (called Oracle DMW APIs in this document). For further information on these views and APIs, see the "Introduction to Oracle DMW APIs" in the Oracle Life Sciences Warehouse API Guide.
The recommendations in this document are not exhaustive, and no guarantee is given that implementing all the suggestions in this document provides sufficient protection against all security threats. The reason for this disclaimer is that you cannot delegate responsibility for secure application development to a third party or a single document. This document is intended to make developers aware of the security tools and features that they can use to implement application security. This document does not replace a formal code review process.
Guidelines are presented here to assist in mitigating common security risks when customers are using the Oracle DMW APIs. The Open Web Application Security Project (OWASP) publishes the OWASP Top 10 to identify some of the most critical application security risks. This document briefly describes each Top 10 risk and Oracle DMW mitigation strategies, and encourages you to extend these strategies to secure your applications and environments that use Oracle DMW APIs. For the OWASP Foundation's description of the OWASP Top 10 Application Security Risks, see: https://www.owasp.org/index.php/Top_10-2017_Top_10.
This section contains the following topics:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Components with Known Vulnerabilities
- Insufficient Logging and Monitoring