Structure of SAP Basis
Implement notes
An important area of SAP security is the analysis of the customer's own SAP programs, which are classically written in SAP's proprietary language, ABAP. Here, too, as in all programming languages, security vulnerabilities can be introduced, whether deliberately or unintentionally. However, the patterns of security vulnerabilities in ABAP code differ from those in Java stacks or Windows programs. With such conventional programs, the goal of an attack is usually either to crash the program (buffer overflow) or to have code executed artificially (code injection). Neither is possible in ABAP, since a process crash does nothing more than create an entry in the log database (dump, ST22) and then terminate the report, returning to the menu starting point. Direct manipulation of the kind seen in other high-level languages or servers is therefore not possible. However, there are other ways to manipulate the system.
Every SAP Basis system must be controlled and managed by an administrator. The person responsible ensures smooth operation of the system. This can be an internal administrator, or the task can be handed over to an external service provider.
EDI enables companies to exchange business data such as purchase orders or invoices electronically. This data exchange is known as Electronic Data Interchange (EDI). What steps are needed to exchange data between two systems? In this post, I'd like to show you how to configure your SAP system so that an order, after it has been released, is sent electronically to your supplier. Data exchange between two systems requires a valid RFC connection to the receiver system and a transactional RFC IDoc port.
Basis comprises a number of middleware programs and tools from SAP. Basis is responsible for the smooth operation of the SAP Basis system and thus for R/3 and SAP ERP, for example. SAP thus provides the underlying basis (hence the name) that enables various SAP applications to be interoperable and portable across operating systems and databases.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
In such cases, the Security Audit Log (SAL) helps.
When was the last time you thought about the security of your RFC interfaces? Can you say with certainty that all your technical RFC users only have the permissions they actually need? And do you know exactly who knows the passwords of these users? Can you rule out 100% that, at this very moment, an SAP user with a false identity is infiltrating your production systems? Change now: it's about being proactive! But before you start looking for the "identity converter" (which I really do not recommend!), I suggest that you tackle the root of the evil and proactively strengthen your RFC security.