SAP Basis Ensuring operational readiness - SAP Stuff

Ensuring operational readiness
OAC5 Barcode Capture Settings
An important area of SAP security is the analysis of the customer's own SAP programs, which are classically written in SAP's proprietary language, ABAP. Here, too, as in all programming languages, security vulnerabilities can be programmed, whether consciously or unconsciously. However, the patterns of security vulnerabilities in ABAP code differ from those in Java stacks or Windows programs. Attacks on such conventional programs usually aim either to crash the program (buffer overflow) or to artificially execute the program's own code (code injection). Neither is possible in ABAP, since the crash of a process causes nothing more than the creation of an entry in the log database (Dump ST22) and the subsequent termination of the report, with a return to the menu starting point. Direct manipulation, as in other high-level languages or servers, is therefore not possible. However, there are other possibilities for manipulation.

Critical business processes require a secure, efficient and stable operation of an SAP system landscape. High demands on the management as well as the operation of the underlying SAP NetWeaver platform require competent support in all tasks of planning, support and updating of the SAP Basis. The increase in installed components as well as systems integrated via interfaces expands these needs. Only with professional care and maintenance of its components can SAP NetWeaver bring its advantages as an integrative platform to bear.
Interface support
For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands that is not covered by a self-programmed authorization check is a major problem. Even though classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. The need to check all in-house developments internally for such security vulnerabilities before they are delivered in SAP's own code led to the development of the SAP Code Vulnerability Analyzer tool.
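The unintentional dynamization described above, next to a hardened form, as an added example that is not code from the original page. The report name, the parameter names and the use of the SAP flight demo tables SFLIGHT and SPFLI are assumptions made for illustration.

```abap
REPORT z_dyn_sql_demo.
" Added example. Report name, parameters and demo tables are assumptions.

PARAMETERS: p_carr TYPE c LENGTH 20 LOWER CASE,
            p_tab  TYPE c LENGTH 30 DEFAULT 'SFLIGHT'.

DATA: lv_where TYPE string,
      lv_tab   TYPE string,
      lv_count TYPE i.

START-OF-SELECTION.

  " --- Unintended dynamization (the pattern to look for in review) ----
  " The input is concatenated into the condition unchecked, so quotes
  " in p_carr become part of the WHERE clause instead of staying data,
  " and p_tab lets the caller pick any table:
  "   lv_where = |CARRID = '{ p_carr }'|.
  "   SELECT COUNT(*) FROM (p_tab) INTO lv_count WHERE (lv_where).

  " --- Hardened form ---------------------------------------------------
  " If neither table nor condition has to be dynamic, a static
  " SELECT ... WHERE carrid = p_carr is the better fix.
  TRY.
      " The table name must be one of the explicitly allowed names.
      lv_tab = cl_abap_dyn_prg=>check_whitelist_str(
                 val       = to_upper( p_tab )
                 whitelist = 'SFLIGHT,SPFLI' ).

      " quote( ) wraps the value in single quotes and escapes embedded
      " ones, so the input can only ever be read as a literal.
      lv_where = |CARRID = { cl_abap_dyn_prg=>quote( p_carr ) }|.

      SELECT COUNT(*) FROM (lv_tab) INTO lv_count WHERE (lv_where).
      WRITE: / 'Rows:', lv_count.

    CATCH cx_abap_not_in_whitelist.
      WRITE: / 'Table name rejected.'.
    CATCH cx_sy_dynamic_osql_error.
      WRITE: / 'Invalid dynamic condition.'.
  ENDTRY.
```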

SAP Basis consulting can start with general consulting on SAP deployment, installation and configuration. Beyond that, it can extend to an external takeover of updates and upgrades of SAP components, or even to the complete takeover of the administration of the SAP system.

"Shortcut for SAP Systems" simplifies tasks in the area of SAP Basis and supplies functions that are missing from the standard.

The growing number of technologies and the growing need for integration and collaboration with upstream and downstream IT departments mean that SAP Basis is constantly growing.

Some useful tips about SAP Basis can be found on www.sap-corner.de.

With respect to SAP Basis, this step is concerned with product portfolio analysis and the creation of IT products and a product catalogue.