Course announcements

  • This course provides in-depth knowledge of application security and secure programming. You will learn about the various types of vulnerabilities and how to implement appropriate countermeasures in your custom-developed ABAP code to protect your business applications.
  • You will also learn how to use the ABAP Test Cockpit (ATC) and the SAP NetWeaver Application Server add-on for code vulnerability analysis (CVA) to ensure the security and compliance of your custom-developed code.

Goals

This course will prepare you to:

  • Explain application security and vulnerabilities
  • Describe ABAP programming best practices and handling of SY-SUBRC
  • Understand injection vulnerabilities
  • Describe security testing tools
  • Explain ATC and CVA

Audience

  • Developer
  • Development Consultant
  • Technology Consultant

Prerequisites

Essential

  • BC400/BC401 or equivalent knowledge of ABAP programming

Recommended

  • Basic knowledge of security concepts
  • Knowledge of ABAP Test Cockpit (ATC)

Course based on software release

  • SAP NetWeaver AS ABAP 7.5
  • SAP NetWeaver Application Server, add-on for code vulnerability analysis (CVA)

Content

  • Introduction
  • Explaining Application Security and Vulnerabilities
  • Secure Programming
  • Describing ABAP Best Practices and Handling of SY-SUBRC
  • Understanding Injection Vulnerabilities (SQL Injection, Code Injection, Call Injection, Operating System Command Injection, Directory Traversal, web-based threats, Cross-Site Scripting, Cross-Site Request Forgery, inaccurate programming)
  • Security Testing Tools
  • Describing Security Testing Tools
  • Explaining ATC and CVA