Operating System
Standard Oracle accounts
UNIX and Windows security patches

Web Server
Apache configuration (http.conf)
Apache logging (http.log)
Apache virtual directories
Apache and JServ security patches
SSL configuration
Oracle support cgi-bin scripts
PLSQL Cartridge exploits

Application Server
Forms and reports security patches
SSL configuration

Database
Database accounts
Listener exploits
Database auditing (SYS.AUD$)
Database security patches
APPS permissions
APPLSYSPUB permissions
Database links

Oracle E-Business Suite
Application accounts
Users with Sysadmin responsibility
Application’s security patches
Application auditing
Password related profile options