
SAP application security guide

If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com.

Establishing security best practices is made simple with this learning guide, which contains tips, expert advice and step-by-step guides on SAP security and application security information.

TABLE OF CONTENTS

   Fundamentals of SAP security and apps security
   Threats to security
   Analysis
   Action
   More Learning Guides













  Fundamentals of SAP security and apps security



  Threats to security

Web application threats

  • How to counter cross-site scripting attacks (SearchAppSecurity.com)

  • Don't become a victim of SQL injection (SearchAppSecurity.com)

  • Avoid the hazards of unvalidated Web application input (SearchAppSecurity.com)

  • Block and reroute denial-of-service attacks (SearchAppSecurity.com)

  • Deal with cross-site scripting (SearchAppSecurity.com)

  • Which key is which? (SearchAppSecurity.com)

  • Improper error handling (SearchAppSecurity.com)

  • Defense tactics for SQL injection attacks (SearchAppSecurity.com)

  • Cryptography basics for infosecurity managers (SearchAppSecurity.com)

  • Anatomy of a hack: Cross-site scripting (SearchAppSecurity.com)

  • You can prevent buffer-overflow attacks (SearchSecurity.com)

  • Buffer-overflow attacks: How do they work? (SearchSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 11: Session Management (SearchAppSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 12: Data Validation (SearchAppSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 13: Interpreter Injection (SearchAppSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 15: Error Handling, Auditing and Logging (SearchAppSecurity.com)
  • OWASP Guide to Building Secure Web Applications, 17: Buffer Overflows (SearchAppSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 19: Cryptography (SearchAppSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 20: Configuration (SearchAppSecurity.com)

  • OWASP Guide to Building Secure Web Applications, 22: Denial of Service Attacks (SearchAppSecurity.com)

  • Automated SQL injection: What your enterprise needs to know -- Part 1 (SearchSecurity.com)

  • Automated SQL injection: What your enterprise needs to know -- Part 2 (SearchSecurity.com)

Authentication and Authorization

Web services

  • Why do Web services impact security? (SearchAppSecurity.com)

  • SAP security (SearchSAP.com)

  • OWASP Guide to Building Secure Web Applications, 8: Web Services (SearchAppSecurity.com)

  • January, 2006: Put Web services security on front burner (SearchAppSecurity.com)

  • January, 2006: Analyst: Start thinking Web services security now (SearchWebServices.com)

  • October, 2005: Web services security specs hit the standards track (SearchWebServices.com)

  • August, 2005: Web services security standards to establish trust (SearchWebServices.com)

  • July, 2005: Web services security getting greater scrutiny (SearchWebServices.com)

  Analysis

SAP vulnerability analysis

  • Securing SAP (SearchSAP.com)

  • Security concerns when upgrading from v.3.1 to v.4.6x (SearchSAP.com)

  • Was a security role removed in R/3 Enterprise? (SearchSAP.com)

  • What's the best tool to get started on security testing? (SearchAppSecurity.com)

  • Are my apps secure? (SearchAppSecurity.com)

  • Reason for application vulnerabilities (SearchAppSecurity.com)

  • Establishing security parameters (SearchSAP.com)

  • Are you leaving your apps open to attack? (SearchAppSecurity.com)

  • Judicious use of tips (SearchSAP.com)

  • Vulnerability assessment: Leave the scanning to someone else? (SearchAppSecurity.com)

  • November, 2005: Flaw opens SAP Web Application Server to phishing scams (SearchSAP.com)

  • July, 2005: Customers warned of critical SAP flaw (SearchSAP.com)

  • Feb, 2006: Web application firewalls critical piece of the app security puzzle (SearchAppSecurity.com)

Standards and Regulations

  • SOX Security School (SearchSecurity.com)

  • Compliance management (SearchSAP.com)

  • Compliance (SearchSecurity.com)

  • March, 2005: SAP to bolster compliance with reseller partnership (SearchSAP.com)

RFID

  • RFID on the rise? (SearchSAP.com)
  • SAP RFID (SearchSAP.com)
  • Is RFID ready for primetime? (SearchSAP.com)
  • Face-off: Debating RFID (SearchSAP.com)
  • RFID secrets: SAP customers ready systems for RFID (SearchSAP.com)

  • April, 2005: Suppliers must look beyond RFID compliance, analyst says (SearchSAP.com)

  • April, 2005: SAP advises to take RFID one step at a time (SearchSAP.com)
  • April, 2005: Will new RFID technology help or hinder security? (SearchSecurity.com)

  Action

Countermeasures

Vulnerability management

  • Compliance management (SearchSAP.com)

  • Establishing security parameters (SearchSAP.com)

  • Mass changing of SAP passwords (SearchSAP.com)

  • Best practices for managing secure Web server configurations (SearchAppSecurity.com)

  • Beware: Security testing tools won't find everything (SearchAppSecurity.com)

  • Best practices for password protection (SearchSecurity.com)

  • Introduction to J2EE-based WebSphere security (SearchAppSecurity.com)

Disaster recovery

  • Disaster recovery (SearchSAP.com)

  • Disaster recovery spending -- How much is enough? (SearchSAP.com)

  • BCP plans key to emergency planning (SearchSAP.com)

  • Disaster recovery: Are you prepared? (SearchSAP.com)

  • Patching the patch process (SearchSAP.com)

  • How to survive a data breach (SearchSecurity.com)

  • Concerns raised on tape backup methods (SearchSecurity.com)
  • Restore a back-up tape and recover usable data (SearchSecurity.com)

  • Disaster recovery/business continuity plans (SearchSecurity.com)

  • Webcast: Evaluating and using wireless to enable crisis management (SearchSecurity.com)

Deploying applications securely

Incorporating security in the software development lifecycle


  • Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

  • January, 2006: Incorporation of security in development lifecycle sea of change (SearchAppSecurity.com)

  • January, 2006: Build accountability for security into the development process (SearchAppSecurity.com)

  • Are development security tools necessary? (SearchAppSecurity.com)

  • The methodology of software creation/distribution (SearchAppSecurity.com)

  More Learning Guides
