SAP ABAP security reviews and SAP Java custom code audit activities are helpful in determining various exploits in custom developed ABAP and Java applications.
Answers to the questions such as “Can your users become ‘other’ users?”, “Are your credentials stored securely?”, “Can there be any security flaws in your ABAP or Java code, which can lead to data leakage, manipulation, or disclosure?” are sought in ABAP security scans and Java audits. Java and ABAP scanning activities with our SAP security consultants help in discovering and fixing many ABAP security and ABAP performance issues as well as Java programming issues.
The difference between SAP ABAP security assessment and regular SAP security audit is that the main focus is the custom developed ABAP code’s security and the development processes and not the underlying SAP BASIS security. Since both domains are generally handled by different organizational units, customers generally prefer separating the two assessments. It should be also noted that without a SAP BASIS security analysis that results in fixing and eliminating the current SAP security issues, the ABAP security review or Java security assessment’s value is heavily reduced. Attackers can use the publicly known SAP vulnerabilities and SAP exploits to access the system instead of spending any time in analyzing the target application behavior.
We also provide SAP application security testing for business applications; SAP connected archiving applications, SAP printing systems, partner interfaces, self developed tools for helping enterprises in SAP compliance. We use our SAP ABAP code assessment tools to support manual SAP audits and we deliver results that adhere to the highest standards. Following is a list of domains:
-
ABAP Security
-
SAP Java applications security
-
Dynpros/WebDynpros/BSP pages security
-
RFC / Soap-RFC enabled applications security
-
CPIC security
-
Registered server security
-
EDI interfaces
-
.Net applications that connect to SAP systems via RFC or SOAP
-
C/C++ business applications