About Performing Security Assessments


Carry out security-risk assessments of your Siebel Business Applications and infrastructure (for example, the operating system and third-party products) periodically to make sure that security policies are being adhered to and to rectify any security vulnerabilities that are identified. In particular, perform extensive security testing of any customizations you make to your Siebel Business Applications before you implement the customizations in a production environment.

It is recommended that you scan your Siebel Business Applications deployment periodically using vulnerability assessment tools to locate security weaknesses. Take a focused approach to risk mitigation rather than trying to identify every possible attack, which can be time-consuming. Various tools are available for performing vulnerability assessments:

  • Public domain tools, for example, Nessus, Nmap, COMRaider, FileFuzz, and CIS Tools (www.cisecurity.org).
  • Other commercially available tools for which an up-to-date vulnerability database is maintained by the vendors. The following tools are generally available for testing system security:
    • WebInspect
    • NTOSpider
Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.