Welcome to secure-abap.de (How to write secure ABAP)
This Web site covers questions, ideas and additional topics related to the book "Sichere ABAP-Porgrammierung" (secure ABAP programming), published at SAP Press in late August 2009.
The content is maintained by the authors (Andreas Wiegenstein, Markus Schumacher, Sebastian Schinzel and Frederik Weidemann).
Some sample chapters (in German) and other material are available in the Downloads section.
More Anecdotes (What goes wrong in SAP Environments)
Risk management is a top priority. Regulatory compliance demands internal control systems which cover, among other things, IT and software risks. This is even more important in an SAP context since the SAP software controls virtually all critical business processes. But for many companies, it’s a surprise that there are security problems in SAP applications, too. It ultimately depends on the developers whether the software is secure and will suffice the industry best practices. Not to mention potential backdoors in the code.
The impact of technical security defects to a company’s business processes is usually not obvious. Therefore, we continue the series of Anecdotes (war stories) that we have started in our book (see the overview on page 342 ff). We will be presenting selected technical security defects and their relevance for business on this site, as we come along them in security audits. All examples have a real background and are - of course - anonymized in order to avoid any conclusion regarding customers or projects.
As of today (Mar 2010), the publisher has not yet decided to translate the book into English. We are not really happy about this since many readers will not be able to read the German text. If you are also not happy with this situation, please drop us an email that says why you like to see an English copy and how many copies you would order for yourself or your company.
Secure ABAP Programming Guidelines
It is May 2011 now and the publisher still refuses to translate the book to English. As an alternative, our company http://www.virtualforge.com now provides the most comprehensive "Secure ABAP Programming Guidelines" available today. On more than 100 pages, various secure programming techniques are discussed in detail, together with lots of coding examples. However, these guidelines are targeted at corporations rather than at individuals and they are considerably more costly than the book.