Insecure ABAP Code Detection

Learn how DefenceMore OCA for SAP identifies and prevents security vulnerabilities in ABAP code.

Case Study #011.01

Scenario

An ABAP developer who is not familiar with SAP security best practices includes in a program a code block that could create a security vulnerability. A user who is aware of such vulnerabilities may attempt to exploit it.

Impact

Developer-created programs that use operating system commands, access the database level, or implement code blocks that bypass security checks can lead to security vulnerabilities within the SAP system.

DefenceMore OCA Capabilities

DefenceMore OCA's T004, T005, T006, T007, and T008 controls perform code inspections to identify ABAP code that has the potential to harm the system. These controls provide system administrators with detailed information about risky or vulnerable ABAP code that could be exploited.

Related Checks

  • T004 Code Inspector GEN_SAP_POOL
  • T005 Code Inspector CALL_SYSTEM_CMD
  • T006 Code Inspector CONCAT_SELECT
  • T007 Code Inspector SYSTEM_CALL
  • T008 Code Inspector EXEC_SQL