
Security Threats and Vulnerabilities


To secure your Siebel Business Applications environment, you must understand the security threats that exist and the typical approaches used by attackers. This understanding helps you to identify the correct countermeasures that you must adopt. The common security threats include:

  • Computer viruses (malware)
  • Code injection
  • SQL injection
  • Cross-site scripting (XSS)
  • Denial of service attacks (DoS)

The following practices can make your applications vulnerable to malicious attacks:

  • Using weak passwords
  • Moving data between applications, computers, and sites
  • Allowing information leaks
  • Allowing nonsecure coding practices when configuring Siebel Business Applications

Monitor security sites for information on newly discovered vulnerabilities affecting third-party components or applications that are integrated with Siebel Business Applications software. Some well-known Web sites that publish information on security incidents, vulnerabilities, and patches are as follows:

  • www.cert.org
  • www.sans.org
  • www.insecure.org
  • www.cisecurity.org
  • www.securityfocus.com (hosts the Bugtraq mailing list)

Perform security risk assessments regularly to identify possible security vulnerabilities in your environment, then address any issues. For information on this task, see Performing Security Testing. For general information on preventing security attacks and vulnerabilities in your environment, see General Security Recommendations.

Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.