SAP Basis - the secure foundation of the SAP system
What has changed in the past ten years, and what can we expect in the next ten? How will these changes affect the requirements profile of SAP Basis experts, and how can those experts adapt to them?
In addition to scanning a program and identifying its security vulnerabilities, it is also possible to stop tasks with security vulnerabilities from being transported to other SAP systems later in the transport process. This applies, for example, to the CHARM process based on SAP Solution Manager. This forces a programmer to check the programs he or she is responsible for against the same security criteria. If a program then still has security problems, it can either be released via the dual control principle or returned for further processing. Do you know of any other solutions for improving ABAP code security or have you already gained experience with the products mentioned above? I look forward to your comments!

In order to make a transaction in cryptocurrencies, you do not have to let your bank know about it as you would for "normal" money, but you have to use the private key to prove that you own the coins. The transaction looks like a piece of a puzzle. Half of the puzzle piece consists of information about the amount of coins, the time, and the public address of the sender or receiver. The other half is the signature of the private key belonging to the sending public address. Both halves make this piece unique. Changing only one piece of information would completely change the whole transaction, or the appearance of the puzzle piece.

This transaction is transferred to the network, or to a miner, and is first checked for correctness. If everything fits, the transaction is sent to other miners, who do the same. Otherwise, the transaction is ignored. Miners try to integrate the transactions into a block. This is called mining, and in our picture the miners put the puzzle pieces together into a puzzle (block). A small part of a block to be integrated follows from the block that was previously mined. If all miners accept the correctness of a completed block, they all start working on the next one immediately. The puzzle (block) is fixed and is irrevocably connected to the block before or after. The blocks form a chain, called the blockchain, which contains all the transactions that have ever been made, is visible to everyone, and cannot be changed by anyone. In doing so, the blockchain replaces a central institution and avoids double-spending, which ultimately gives value to a cryptocurrency.

Smart Contracts
The biggest advance compared to Bitcoin and similar applications is that second-generation blockchains, such as Ethereum, use the so-called Turing-complete scripting language Solidity. This enables calculations to be made within the blockchain. While Bitcoin allows only rudimentary multi-signature functions, Ethereum opens the door to much more complex operations called smart contracts.
Smart contracts are contracts whose unchangeability and execution are ensured by a decentralised blockchain.
Flexible response to peak loads
What do RFC interfaces and RFC security have to do with the play "Hauptmann von Köpenick" and the science fiction film "Minority Report"? Probably more than you would like!

RFC security and theatre?!
Germany, Berlin, 1906: The 46-year-old cobbler Wilhelm Voigt dreams of returning to a normal life. After various convictions and many prison stays, he lives on the margins of society. It's not just the money he lacks. Above all, the lack of access to his social system makes him. In view of his impasse, he opts for a drastic measure. The excluded shoemaker sets out and works his way through several junk dealers to assemble a military uniform piece by piece. A few days later, he slips into this disguise, successfully changes his identity and then moves through Berlin as Captain von Köpenick. He commandeers soldiers, storms the town hall and even detains the mayor. Nobody doubts the commands or their execution, because his true identity is veiled by a simple disguise. A disguise that gives him all the permissions he needs for his scam. At the end of the day, Wilhelm Voigt has successfully compromised the Berlin government.

RFC security and science fiction?!
USA, Washington, DC, 2054: The Washington police have long since stopped investigating murders: they prevent the killings in advance. For this purpose, so-called "precogs" are used, who use precognition to predict and report murders in visions before they happen. At the same time, the government uses a system of public scanners that can clearly identify all citizens at any time by iris detection. One day, when policeman John Anderton himself appears as the culprit in a vision of the "precogs," he flees the police building and decides to find out why.

For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands that are not covered by a self-programmed authorization check is a major problem. Even though classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. SAP's need to check all of its in-house developments internally for such security vulnerabilities before they are delivered led to the development of the SAP Code Vulnerability Analyzer tool.

The "Shortcut for SAP Systems" tool is ideal for doing many SAP Basis tasks more easily and quickly.

It contains the database management system (DBMS) and the actual data.

Conclusion
It is a popular approach among hackers to use updates that are usually intended to fix bugs or increase security to inject malicious code into the system.