I recently gave a security talk at the Minnesota Stellent User's Group... Stellent of course being the old name for Oracle Universal Content Management. I uploaded it to Slideshare, and embedded it below:

This talk is a variation on a talk I gave at Crescendo a few years back... it covers the security risks and vulnerabilities inside Oracle UCM, and countermeasures to prevent break-ins. This talk is not a how-to for integrating LDAP, Active Directory or Single Sign On... rather it's intended to be an introduction to cross site scripting, SQL injection, and other common web application attack vectors. It's a bit scary for a while, but then it tells you how to prevent attacks.

Enjoy! And don't be evil...