Securing Web Application Firewall

To use Web Application Firewall (WAF) securely, learn about your security and compliance responsibilities.

In general, Oracle provides security of cloud infrastructure and operations, such as cloud operator access controls and infrastructure security patching. You are responsible for securely configuring your cloud resources. Security in the cloud is a shared responsibility between you and Oracle.

Oracle is responsible for the following security requirements:

• Physical Security: Oracle is responsible for protecting the global infrastructure that runs all services offered in Oracle Cloud Infrastructure. This infrastructure consists of the hardware, software, networking, and facilities that run Oracle Cloud Infrastructure services.

Your security responsibilities are described on this page, which include the following areas:

• Access Control: Limit privileges as much as possible. Users should be given only the access necessary to perform their work.
• Encryption and Confidentiality: Use encryption keys and secrets to protect your data and connect to secured resources. Rotate these keys regularly.

Use this checklist to identify the tasks you perform to secure Web Application Firewall (WAF) in a new Oracle Cloud Infrastructure tenancy.

Use policies to limit access to Web Application Firewall (WAF).

For information about WAF policies, see Getting Started with Web Application Firewall Policies.

Secure network access to your resources in Web Application Firewall (WAF).

For information about WAF network security, see see Getting Started with Web Application Firewall Policies.