I am testing a siebel 7.7 client which is a web interface.

i would like to get some tips on the security tests i can perform

A few tests I did where..

test 1

Login to the application access some user information log out and hit the back button. I should not be able to access the user information.

test 2
verify if user information is being passed in the browser URL.

Please let me know if you can tell me some more tests that i could do?