Vulnerabilities in custom SAP ABAP Code

March 10, 2010 (at 5 p.m.) in Defense & Management

When code is written, things go wrong. Wrong code can lead to vulnerabilities, and custom applications written in SAP’s proprietary language ABAP are no exception. But there’s a difference: if wrong code in an SAP application can be exploited, the impact is very high, since SAP applications directly control the processes of a business. In this talk, we provide a 101 security course for ABAP. We introduce the language and different programming paradigms. Furthermore, we present by example what certain vulnerabilities in custom ABAP code (Cross-Site Scripting and SQL Injection) might look like and what you can do to prevent them.

Markus Schumacher

Dr. Markus Schumacher is co-founder of Virtual Forge GmbH, an independent security product company based in Heidelberg, Germany. The members of the Virtual Forge team are leading experts for SAP® application security. Virtual Forge’s unique ABAP™ security knowledge has been captured in CodeProfiler, the first static code analysis tool for ABAP™ security and compliance testing. Markus Schumacher has a PhD in computer science and is a frequent speaker at international conferences. He has co-authored numerous articles and books (recently: “Sichere ABAP Programmierung” published by SAP Press).