
Secure Programming - ABAP

“Security is like adding brakes to cars.

The purpose of brakes is not to stop you:

it’s to enable you to go fast!”

---Gene Spafford

Purpose

This documentation provides an overview of how to develop secure applications based on the SAP NetWeaver platform. It describes common security errors and weaknesses to watch out for as well as approved procedures so that your application functions “securely”.

Target Group

The target group of this documentation is ABAP developers who are developing applications based on the SAP NetWeaver platform. This guide is primarily aimed at developers in the IT departments of customers, consulting houses, and partners. 

About this Document

This documentation is divided into the following sections:

     Secure Programming

     Password Security

     Secure Store and Forward Mechanism (SSF)

     Security Logging

     SAP Virus Scan Interface

     Secure User Interface

     Cross-Site Scripting (XSS)

     SQL Injection

     Input Validation

     Canonicalization

     Directory Traversal

     URL Encoding and Manipulation

     Cookie Manipulation

For each topic listed above, the security vulnerability is described first. Any standard solutions that the SAP NetWeaver platform provides are then presented, including the functions and interfaces that need to be used. If no solution is available from the SAP NetWeaver platform, recommendations are provided about appropriate security measures to take. In addition, example code is provided where appropriate and links to existing documentation are given.

Disclaimer

All descriptions of secure programming and all sample code (for the purposes of this clause hereinafter referenced together as the "Examples") contained in this document are for illustrative purposes only. These Examples have not been thoroughly tested under all conditions. SAP, therefore, cannot guarantee or imply reliability, serviceability, or function of these Examples. Any use of these Examples is at your own risk and responsibility and SAP shall not be liable for any damages caused by the use of such Examples unless such damages have been caused by SAP's gross negligence or willful misconduct.

 
