SAP Web
AS Security Guide for ABAP Technology 
Purpose
This guide is to provide you with an overview of the security aspects and recommendations when using the SAP Web AS ABAP for your applications.
Integration
There is also a SAP Web AS Security Guide for Java Technology.
Constraints
This guide does not describe the administration or development functions for security on the SAP Web AS ABAP. Such information is provided in the standard documentation. It only provides the additional information that apply to specific scenarios or application types.
How to Use This Guide
This guide is divided into the following sections:
This section describes security aspects involved with user authentication, for example, logon security, password rules and preventing unauthorized logons. In addition, it describes how to protect the standard users SAP*, DDIC, and EARLYWATCH.
This section provides a brief overview of the SAP authorization concept and how you can use it to protect your applications from misuse.
· Network Security for SAP Web AS ABAP
This section provides an overview of the protocols used by the ABAP Engine and the mechanisms to use to provide security for connections at the network transport layer.
· Protecting Your Productive System (Change & Transport System)
This section describes how to prevent undesirable changes from being made in your productive system by using the Change and Transport System (CTS) and the Transport Management System (TMS).
· Secure Store & Forward Mechanisms (SSF) and Digital Signatures
This section describes the security aspects involved when using public-key technology for digital signature and encryption functions.
Security aspects that apply to additional topics are also included. Such topics are:
¡ Executing logical operating system commands in SAP systems
¡ Batch input
¡ Preventing disclosure of the SAPconnect RFC user
¡ Internet Graphics Service security
In addition, see
the topic 
Security Aspects for
BSP in the Security Aspects in Development section of the SAP Web AS Security
Guide: