Secure ABAP Programming
Finally, there is a book on ABAP security. Written by Virtual Forge team members Andreas Wiegenstein, Dr. Markus Schumacher, Sebastian Schinzel and Frederik Weidemann, it provides best practices for secure ABAP programming. Readers will learn how to identify, mitigate and avoid insecure programming techniques in ABAP. The book covers all relevant ABAP programming styles: Classical ABAP, ABAP OO, Web Dynpro ABAP and Business Server Pages.
Virtual Forge also maintains an English language Wiki for this book. If you'd like to read this book in English, please post a comment there.
The primary cause of security vulnerabilities in business applications is insecure code. ABAP applications are no exception. Exploiting security vulnerabilities in code can have devastating results such as data theft, industrial espionage, and sabotage.
"Unbreakable" ABAP?
The book demonstrates that although "normal" ABAP programs are relatively robust, they will always be as insecure as the one remaining vulnerability in the code or in the design that has not been taken care of.
The Top Ten of false assumptions
Verify your assumptions about ABAP security with ten simple questions: You will immediately know where you should take action.
Complete Coverage
Procedural ABAP, ABAP Objects, Business Server Pages or Web Dynpro: In whatever way you write ABAP code, the book shows the corresponding risks and mitigation strategies in a step-by-step approach.
Detailed Threats
With this book you will learn about many common threats you should brace your custom applications for: SQL-Injection, Directory Traversal, Cross-Site Request Forgery, ABAP Code Injection and Forceful Browsing – to name a few. Attackers already know how to exploit them …
From practice, for practice
Numerous listings, examples and checklists make it much easier for you to write ABAP programs that withstand attack attempts.
