Avoiding Compliance Issues in ABAP code - Virtual Forge

More documents

Recommendations

Info

Risks of SQL Injection (APP-06)Exemplary Analysis of a technical Risk• PPT Illegal MasterfolieAccess to data of another SAP Client• zur Manipulation Erstellung of User von Accounts Präsentationenand Authorizations (SOX Violation)• E.g. assign SAP_ALL Rights to unauthorized Users• Undocumented Changes to critical Tables (SOX Violation)• No Entries in CDHDR, CDPOS, …• Read Access to HR Data (Violation of Data Protection Law)• E.g. Social Security Number (PA0002-PERID)• Access to Credit Card Data (PCI/DSS Violation)• E.g. BSEGC-CCNUM• Access to Bank Account Data of Customers and Suppliers• E.g. Customer Bank Data (KNBK-BANKN)• Manipulation von financial Data (SOX Violation)• E.g. Manipulation of Table BSEG© 2012 Virtual Forge GmbH | www.virtualforge.com | All rights reserved.
SAP ALL in 5 Minutes (Part 2)PPT Masterfoliezur Erstellung von PräsentationenDEMO© 2012 Virtual Forge GmbH | www.virtualforge.com | All rights reserved.
Page 1 and 2: Andreas WiegensteinDr. Markus Schum
Page 3: My car, my house, my boat, …Andre
Page 7 and 8: The Attack Surface of ABAPPPT Maste
Page 10 and 11: ABAP Vulnerabilities (1a)Authorizat
Page 12 and 13: ABAP Vulnerabilities (1c)Authorizat
Page 14 and 15: ABAP Vulnerabilities (2)Client Sepa
Page 16 and 17: ABAP Vulnerabilities (3)Development
Page 18 and 19: ABAP Vulnerabilities (4)Operating S
Page 20 and 21: 2. PPT Compliance Masterfolie Risks
Page 22 and 23: ABAP Code RisksExemplary technical
Page 26 and 27: 3. PPT ABAP Masterfolie Security at
Page 28 and 29: The SDP Maturity ModelPPT Masterfol
Page 30 and 31: 4. PPT Practical Masterfolie ABAP S
Page 32 and 33: Externe ABAP DevelopmentPPT Masterf
Page 34 and 35: ABAP Security ResourcesPPT Masterfo

Avoiding Compliance Issues in ABAP code - Virtual Forge

Create successful ePaper yourself

Delete template?

Save as template?