Avoiding Compliance Issues in ABAP code - Virtual Forge

More documents

Recommendations

Info

ABAP Code RisksExemplary technical Defects• PPT Unauthorized Masterfolie Execution of Business Logiczur Erstellung von Präsentationen• Authorization Defects, ABAP Command Injection, OS Command Injection• Unauthorized read Access to Business and Configuration Data• OSQL Injection, Cross-Client DB Access, Directory Traversal, ABAP Command Injection• Unauthorized write Access to Business and Configuration Data• OSQL Injection, ADBC Injection, Directory Traversal, ABAP Command Injection• Jeopardizing the Availability of the System• ADBC Injection, OS Command Injection, Directory Traversal, ABAP Command Injection• Adverse Effects on Non-Repudiation• ADBC Injection, ABAP Command Injection• Identity Theft• Alias Authorizations, Cross-Site Scripting, Cross-Site Request Forgery© 2012 Virtual Forge GmbH | www.virtualforge.com | All rights reserved.
Check List BIZEC APP/11The most common Security Defects in ABAP ProgramsID PPT MasterfolieDefect Descriptionzur Erstellung von PräsentationenAPP-01 ABAP Command Injection Execution of arbitrary ABAP CodeAPP-02 OS Command Injection Execution of arbitrary Operating System CommandsAPP-03Improper Authorization(Missing, Broken, Proprietary, Generic)Missing or erroneous Authorization ChecksAPP-04 Generic Module Execution Unauthorized Execution of Modules (Reports, FuMo, etc.)APP-05 Cross-Client Database Access Cross-Client Access to Business DataAPP-06 SQL Injection Malicious Manipulation of Database CommandsAPP-07 Unmanaged SQL Usage of native SQL CommandsAPP-08 Cross-Site Scripting Manipulation of Browser UI, Authorization TheftAPP-09 Cross-Site Request Forgery Execution of Business Logic in the Name of a different User.APP-10 File Upload (Malware) Storage of malicious Files on an SAP ServerAPP-11 Directory Traversal Unauthorized read/write Access to Files (SAP Server)© 2012 Virtual Forge GmbH | www.virtualforge.com | All rights reserved.
Page 1 and 2: Andreas WiegensteinDr. Markus Schum
Page 3: My car, my house, my boat, …Andre
Page 7 and 8: The Attack Surface of ABAPPPT Maste
Page 10 and 11: ABAP Vulnerabilities (1a)Authorizat
Page 12 and 13: ABAP Vulnerabilities (1c)Authorizat
Page 14 and 15: ABAP Vulnerabilities (2)Client Sepa
Page 16 and 17: ABAP Vulnerabilities (3)Development
Page 18 and 19: ABAP Vulnerabilities (4)Operating S
Page 20 and 21: 2. PPT Compliance Masterfolie Risks
Page 24 and 25: Risks of SQL Injection (APP-06)Exem
Page 26 and 27: 3. PPT ABAP Masterfolie Security at
Page 28 and 29: The SDP Maturity ModelPPT Masterfol
Page 30 and 31: 4. PPT Practical Masterfolie ABAP S
Page 32 and 33: Externe ABAP DevelopmentPPT Masterf
Page 34 and 35: ABAP Security ResourcesPPT Masterfo

Avoiding Compliance Issues in ABAP code - Virtual Forge

Create successful ePaper yourself

Delete template?

Save as template?