Secure Programming
Content
Secure Programming
Secure Programming - ABAP
Secure Programming
Password Security
Secure Store and Forward Mechanism (SSF)
Security Logging
SAP Virus Scan Interface
Secure User Interface
Cross-Site Scripting (XSS)
Avoiding XSS by Using Correct Output Encoding
Output Encoding Contexts
SAP Encoding Functions for AS ABAP
SAP Encoding Functions for JavaScript
URL Input Validation on AS ABAP
More Information About Preventing Cross-Site Scripting
SQL Injection
Input Validation
Canonicalization
Directory Traversal
Validating Physical Filenames Entered by the User
Using File Name Aliases
Validating Logical Filenames Entered By the User
URL Encoding and Manipulation
Cookie Manipulation
Clickjacking
Using Frameworks Which Support Clickjacking Framing Protection
Implementing Clickjacking Framing Protection in Your Developments
SAP Code Vulnerability Analyzer
Secure Programming - Java
Secure Programming
Password Security
Secure Communication
Secure Store and Forward Mechanism (SSF)
Logging and Tracing
SAP Virus Scan Interface
Secure User Interface
Cross-Site Scripting (XSS)
Avoiding XSS by Using Correct Output Encoding
Output Encoding Contexts
SAP Encoding Functions for AS Java and JavaScript
URL Input Validation on AS Java
More Information About Preventing Cross-Site Scripting
XSRF Protection for REST Services
SQL Injection
Input Validation
Canonicalization
Directory Traversal
URL Encoding and Manipulation
Cookie Manipulation
Clickjacking
Using Frameworks Which Support Clickjacking Framing Protection
Implementing Clickjacking Framing Protection in Your Developments
Stylesheets for Clickjacking Framing Protection
Customizable Parameters for Stylesheets for Clickjacking Framing Protection
Example Implementation of Clickjacking Framing Protection in a Servlet
Implementing Clickjacking Framing Protection in Java Server Pages
Adding Clickjacking Framing Protection to JSPs
Adding Clickjacking Framing Protection to JSPs in DTR
Checking if the Clickjacking Tag Library Descriptor (tld) Has Been Integrated
Adding the ClickJacking Protection Custom Tag
Configuring the Whitelist Service for Clickjacking Framing Protection
Testing Your Implementation
Test Case 1: Successful Framing
Test Case 2: Deny Message For Unlisted Host
Test Case 3: Timeout Message for JSP Without Tag
Further Information
Disclaimer