Security for Siebel Open UI Deployments
Siebel Open UI is the most secure Siebel CRM client to date, with the following characteristics:
- Limited attack surface. Siebel Open UI uses only three technologies to render the client code: HTML, CSS, and JavaScript. Because of the small set of underlying technologies that are used to render the client and the absence of third-party plug-ins such as ActiveX and Java, Siebel Open UI provides the smallest possible attack surface. 
- Transparent technology. Because the Siebel Open UI client is built entirely on standards, a variety of modern inspection tools can be used to validate the security compliance of your implementations. 
- Compatibility with Data Execution Prevention features and virtualization. Because the Siebel Open UI client is a scripted client, it is fully compatible with Data Execution Prevention features for software or hardware, and compatible with virtualization features. The Siebel Open UI client supports a variety of techniques for implementing secure environments. 
- Secure sessions and limited concurrency. The Siebel CRM server environment provides sophisticated session security for a secure user experience. To protect data integrity and system security, concurrent browser sessions are not supported for Siebel CRM applications. When a concurrent session is detected, the application provides options for how to proceed.
- FIPS-140-2. Siebel Open UI supports the FIPS-140-2 standard, with applicable configuration. 
- Common Criteria Certification. The Siebel CRM applications meet Common Criteria Certification, to Evaluation Assessment Level 2. For more information, see http://www.commoncriteriaportal.org/files/epfiles/st_vid3026-vr.pdf
Oracle tests JavaScript controls from third parties according to the same rigorous standards as those for testing Oracle code. Because all of the client code is standards-based and well-understood by inspection tools, thorough testing is simplified. Oracle uses industry-leading Web application security assessment solutions to validate that the Siebel Open UI client is secure. Oracle also validates security through its security-architecture teams and its internal oversight organizations and works with the ethical hacking community to put code to the practical test of security.
Oracle takes part in the Open Web Application Security Project (OWASP). Developer training provided by Oracle Software Security Assurance (OSSA) is in line with the guidelines and recommendations provided by OWASP documentation. All Oracle product development teams are mandated to follow OWASP guidelines, policies, and secure coding standards.
This topic is part of Siebel Open UI Server Deployment Characteristics.
Related Books
Siebel Security Guide