Given that WebLogic is an application server, much of the responsibility for secure configuration is incumbent on the developers.