ABAP Secure code

• knowledge of ABAP programming
• Basic knowledge of security concepts

Audience

• Developers
• Technology Consultant

The aim of this course is to teach developers the importance and practice skills to develop ABAP secure code. Delegates will learn about the various types of vulnerabilities and be able to effectively implement appropriate countermeasures to protect applications against outside threats.

Delegates will gain knowledge of the ABAP Testing Cockpit (ATC) and the SAP NetWeaver Application service add-on for code vulnerability analysis (CVA) to ensure security and compliancy of your custom developed code.

By the end of this training, participants will be able to:

• Explain application security and vulnerabilities
• Describe ABAP programming best practices and handling of SY-SUBRC
• Understand injection vulnerabilities
• Describe security testing tools
• Explain ATC and CVA

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

• Introduction
  • Explaining Application Security and Vulnerabilities
• Secure Programming
  • Describing ABAP Best Practices and Handling of SY-SUBRC
  • Understanding Injection Vulnerabilities (SQL Injection, Code Injection, Call Injection, Operating System Command Injection, Directory Traversal, web-based threats, Cross-Site Scripting, Cross-Site Request Forgery, inaccurate programming)
• Security Testing Tools
  • Describing Security Testing Tools
  • Explaining ATC and CVA
• Troubleshooting
• Summary and Conclusion