SAP application security guide

Home
Topics
SAP administration
SAP security administration
SAP application security guide

SAP application security guide

Establishing security best practices is made simple with this learning guide, which contains tips, expert advice and step-by-step guides on SAP security and application security information.

Requires Free Membership to View

Login

When you register, you will start receiving targeted emails from my award-winning team of editorial writers. Our goal is to keep you informed on the hottest topics and biggest challenges faced by SAP professionals today.

Hannah Smalltree, Editorial Director

By submitting your registration information to SearchSAP.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSAP.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

TABLE OF CONTENTS

   Fundamentals of SAP security and apps security
   Threats to security
   Analysis
   Action
   More Learning Guides

Fundamentals of SAP security and apps security

Return to Table of Contents

Securing SAP (SearchSAP.com)

SAP security (SearchSAP.com)

SAP Security Learning Guide (SearchSAP.com)

Securing applications -- The new frontier in security (SearchAppSecurity.com)

About the Open Web Application Security Project (SearchAppSecurity.com)

Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

SAP security vs. others (SearchSAP.com)

Best security practices for large SAP installations (SearchSAP.com)

Common SAP security practices (SearchSAP.com)
Basics of application security (SearchSecurity.com)

Web application threats and vulnerabilities (SearchSecurity.com)

Are you using security technology effectively? (SearchSecurity.com)

Threats to security

Return to Table of Contents

Web application threats

How to counter cross-site scripting attacks (SearchAppSecurity.com)

Don't become a victim of SQL injection (SearchAppSecurity.com)

Avoid the hazards of unvalidated Web application input (SearchAppSecurity.com)

Block and reroute denial-of-service attacks (SearchAppSecurity.com)

Deal with cross-site scripting (SearchAppSecurity.com)

Which key is which? (SearchAppSecurity.com)

Improper error handling (SearchAppSecurity.com)

Defense tactics for SQL injection attacks (SearchAppSecurity.com)

Cryptography basics for infosecurity managers (SearchAppSecurity.com)

Anatomy of a hack: Cross-site scripting (SearchAppSecurity.com)

You can prevent buffer-overflow attacks (SearchSecurity.com)

Buffer-overflow attacks: How do they work? (SearchSecurity.com)

OWASP Guide to Building Secure Web Applications, 11: Session Management (SearchAppSecurity.com)

OWASP Guide to Building Secure Web Applications, 12: Data Validation (SearchAppSecurity.com)

OWASP Guide to Building Secure Web Applications, 13: Interpreter Injection (SearchAppSecurity.com)

OWASP Guide to Building Secure Web Applications, 15: Error Handling, Auditing and Logging (SearchAppSecurity.com)
OWASP Guide to Building Secure Web Applications, 17: Buffer Overflows (SearchAppSecurity.com)

OWASP Guide to Building Secure Web Applications, 19: Cryptography (SearchAppSecurity.com)

OWASP Guide to Building Secure Web Applications, 20: Configuration (SearchAppSecurity.com)

OWASP Guide to Building Secure Web Applications, 22: Denial of Service Attacks (SearchAppSecurity.com)

Automated SQL injection: What your enterprise needs to know -- Part 2 (SearchSecurity.com)

Authentication and Authorization

SAP authorizations (SearchSAP.com)
Prevent password change (SearchSAP.com)
Parameters for establishing SAP password policies (SearchSAP.com)
Securing Web apps against authenticated users (SearchAppSecurity.com)
Authentication and access (SearchSecurity.com)
Password policy worst practices (SearchSecurity.com)
SAP passwords revealed (SearchSAP.com)
SAP authorization and security classes (SearchSAP.com)
Assigning limited password reset-authority (SearchSAP.com)
Secure passwords (SearchSecurity.com)
Authentication methods (SearchSecurity.com)

Web services

Why do Web services impact security? (SearchAppSecurity.com)

SAP security (SearchSAP.com)

OWASP Guide to Building Secure Web Applications, 8: Web Services (SearchAppSecurity.com)

January, 2006: Put Web services security on front burner (SearchAppSecurity.com)

January, 2006: Analyst: Start thinking Web services security now (SearchWebServices.com)

October, 2005: Web services security specs hit the standards track (SearchWebServices.com)

August, 2005: Web services security standards to establish trust (SearchWebServices.com)

July, 2005: Web services security getting greater scrutiny (SearchWebServices.com)

Analysis

Return to Table of Contents

SAP vulnerability analysis

Securing SAP (SearchSAP.com)

Security concerns when upgrading from v.3.1 to v.4.6x (SearchSAP.com)

Was a security role removed in R/3 Enterprise? (SearchSAP.com)

What's the best tool to get started on security testing? (SearchAppSecurity.com)

Are my apps secure? (SearchAppSecurity.com)

Reason for application vulnerabilities (SearchAppSecurity.com)

Establishing security parameters (SearchSAP.com)

Are you leaving your apps open to attack? (SearchAppSecurity.com)

Judicious use of tips (SearchSAP.com)

Vulnerability assessment: Leave the scanning to someone else? (SearchAppSecurity.com)

November, 2005: Flaw opens SAP Web Application Server to phishing scams (SearchSAP.com)

July, 2005: Customers warned of critical SAP flaw (SearchSAP.com)

Feb, 2006: Web application firewalls critical piece of the app security puzzle (SearchAppSecurity.com)

Standards and Regulations

SOX Security School (SearchSecurity.com)

Compliance management (SearchSAP.com)

Compliance (SearchSecurity.com)

March, 2005: SAP to bolster compliance with reseller partnership (SearchSAP.com)

RFID

RFID on the rise? (SearchSAP.com)
SAP RFID (SearchSAP.com)
Is RFID ready for primetime? (SearchSAP.com)
Face-off: Debating RFID (SearchSAP.com)
RFID secrets: SAP customers ready systems for RFID (SearchSAP.com)

April, 2005: Suppliers must look beyond RFID compliance, analyst says (SearchSAP.com)

April, 2005: SAP advises to take RFID one step at a time (SearchSAP.com)
April, 2005: Will new RFID technology help or hinder security? (SearchSecurity.com)

Action

Return to Table of Contents

Countermeasures

What kinds of app security tools are there? (SearchAppSecurity.com)

Block and reroute denial-of-service attacks (SearchSecurity.com)

Thwarting Hacker Techniques: Internet data manipulation (SearchSecurity.com)

Defense tactics for SQL injection attacks (SearchSecurity.com)

You can prevent buffer-overflow attacks

Vulnerability management

Compliance management (SearchSAP.com)

Establishing security parameters (SearchSAP.com)

Mass changing of SAP passwords (SearchSAP.com)

Best practices for managing secure Web server configurations (SearchAppSecurity.com)

Beware: Security testing tools won't find everything (SearchAppSecurity.com)

Best practices for password protection (SearchSecurity.com)

Introduction to J2EE-based WebSphere security (SearchAppSecurity.com)

Disaster recovery

Disaster recovery (SearchSAP.com)

Disaster recover spending -- How much is enough? (SearchSAP.com)

BCP plans key to emergency planning (SearchSAP.com)

Disaster recovery: Are you prepared? (SearchSAP.com)

Patching the patch process (SearchSAP.com)

How to survive a data breach (SearchSecurity.com)

Concerns raised on tape backup methods (SearchSecurity.com)
Restore a back-up tape and recover usable data (SearchSecurity.com)

Disaster recovery/business continuity plans (SearchSecurity.com)

Webcast>Evaluating and using wireless to enable crisis management (SearchSecurity.com)

Deploying applications securely

White paper>The do's and don'ts of SAP security (SearchSAP.com)

What is the best way to encrypt messages? (SearchSAP.com)

SearchSecurity.com's Web Security School (SearchSecurity.com)

August, 2005: Dos and don'ts: Ensuring apps security from the get-go (SearchOpenSource.com)

Incorporating security in the software development lifecycle

Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

January, 2006: Incorporation of security in development lifecycle sea of change (SearchAppSecurity.com)

January, 2006: Build accountability for security into the development process (SearchAppSecurity.com)

Are development security tools necessary? (SearchAppSecurity.com)

The methodology of software creation/distribution (SearchAppSecurity.com)

More Learning Guides

Return to Table of Contents

SAP Certification Learning Guide (SearchSAP.com)

SAP Security Learning Guide (SearchSAP.com)

Top 10 most critical Web application security vulnerabilities (SearchAppSecurity.com)

SAP CRM Learning Guide (SearchSAP.com)

ERP guide for the midmarket (SearchSAP.com)
SAP Job Seeker's Learning Guide (SearchSAP.com)
SAP Career Advancement Learning Guide (SearchSAP.com)
SAP NetWeaver Learning Guide (SearchSAP.com)
SAP BW Learning Guide (SearchSAP.com)
Business Intelligence (BI) Learning Guide (SearchSAP.com)
SAP HR Learning Guide (SearchSAP.com)
SAP XI Learning Guide (SearchSAP.com)
SAP RFID Learning Guide (SearchSAP.com)
BAPI Learning Guide (SearchSAP.com)
Basis Learning Guide (SearchSAP.com)
Firewall Resource Guide (SearchSecurity.com)
HIPAA Learning Guide (SearchSecurity.com)
VoIP Security Resource Guide (SearchSecurity.com)

Dig Deeper

People who read this also read...
Related tags
- applications
- guide
- sap
- security

Show me more

This was first published in February 2006

More from Related TechTarget Sites

Manufacturing ERP
Oracle
Data Management
Data Management UK
Business Analytics
CRM
Content Management

Manufacturing ERP
- S&OP software projects rely on cultural, business process changes
  
  Successful S&OP software projects are far more about fostering cultural and organizational change than addressing technical challenges, experts say.
- Teamwork, analytics help integrate financial management applications
  
  Financial management applications are essential in any enterprise IT strategy -- but integration with other business software is critical, experts say.
- Get detailed when preparing RFPs for mobile ERP and BI
  
  A clear mobile strategy will determine the right questions to ask hardware vendors, software developers and service providers, consultants say.
Oracle
- Oracle purchase of Taleo indicates rising SaaS trend
  
  Oracle has spent $3.4 billion on Taleo and RightNow in the past few months, showing that it is serious about hosting applications in the cloud for its customers.
- Making Monday the start of the week in Oracle SQL
  
  One reader asks how to set up a report in Oracle SQL so that Monday is the first day of the week.
- Oracle Advanced Analytics bundles R with Oracle Database
  
  Oracle Advanced Analytics is the company’s newest announcement around data analytics, a market that Oracle seeks to blanket with products.
Data Management
- AAA picks Dell Boomi cloud integration tools over IBM, Jitterbit
  
  A local AAA auto club serving three western states is using cloud-based data integration tools to help drive an aggressive cloud computing strategy.
- From the Editors: Framing the case for enterprise data virtualization
  
  There’s no lack of choices to consider if you’re looking at a possible data virtualization deployment -- both in terms of the vendors offering tools and the potential uses for the technology.
- Forrester Wave: Informatica, IBM lead data virtualization tools market
  
  Informatica and IBM are the top dogs in the data virtualization software market, thanks to a strong combination of “enterprise-class” features, according to Forrester Research Inc.
DataManagement UK
- SaaS BI technology comes of age
  
  SaaS BI and its benefits explained: it can improve scalability and reduce administration costs; it offers capabilities in data warehousing, ETL and analytics; it can be secured. What’s not to like?
- Gartner: Address economy, compliance with information governance, MDM
  
  IT leaders need to get information governance right if MDM is to help cut costs, stoke productivity and mitigate risk, according to Gartner on the eve of the MDM summit.
- Gartner: Business, analytics fail to connect, mobile BI gets real
  
  Gartner’s BI London summit will show a landscape beset by strategic misalignment, intra-organisational struggle and weak cloud adoption. Yet mobile BI is becoming a reality.
Business Analytics
- TDWI BI Executive Summit: Business intelligence benefits & strategies
  
  Get news and other information resources about strategies for gaining business intelligence benefits, reported from the TDWI World Conference and BI Executive Summit in Las Vegas.
- Airport retailer leaves Excel behind with BI tools makeover
  
  The Paradies Shops’ search for BI tools to access data quickly and break away from Excel spreadsheets started with data discovery vendors but didn’t end with them.
- Hadoop is hot, but not most popular ‘big data’ technology
  
  New research reveals businesses’ relative lack of “big data” maturity and the hurdles in both technology and analytics techniques they need to overcome.
CRM
- As social media expands, companies need to center social CRM plans
  
  With social CRM gaining popularity, companies need to identify their audiences are and what social media sites and technology they use, analysts say.
- Red Sox hit home run with custom Microsoft CRM app
  
  The Boston Red Sox spent seven years searching for a CRM system to handle ticketing and fan engagement before selecting a custom version of Microsoft CRM.
- Contact center social will (slowly) become norm
  
  In this expert response, find some ways contact centers are using social media channels to manage customer contact volume.
Content Management
- Web content management's new role: Fueling digitally driven businesses
  
  Web content management is not just about publishing Web pages any more, according to one industry expert. It has become a way to use content to power useful business applications for the enterprise.
- Data archive strategy key to efficient enterprise content management
  
  Digital archiving and the longevity of electronic information is being overlooked by enterprise content management professionals at the enterprise’s peril. Digital doesn’t necessarily mean permanent.
- Lancaster Bible College gets cloud Web content management system boost
  
  After technical infrastructure issues continually crashed Lancaster Bible College’s website over the course of a year, the school switched to a cloud Web content management system.

All Rights Reserved, Copyright 2000 - 2012, TechTarget