Fundamentals of Securing ABAP® Based Business Applications

This class teaches you how to look for security vulnerabilities in ABAP® based business applications, understand their root causes, decide what to do when you find them, and avoid creating them. In two half-day sessions you will learn to detect code security flaws in the ABAP® programming language that result in software vulnerabilities. A live instructor will guide you through seven security modules that provide insight from both the attacker's and the defender's perspective and cover the most severe and most common security flaws in ABAP® applications. Topics are broken down into bite-sized concepts followed by real-world exercises that allow you to directly apply what you’ve learned. After completing the class you can practice your new skills in our SAP training environment.

A Taste of What You Will Learn:

  • You will learn the prevailing security flaws and threats facing ABAP® code and the most important drivers of security and their opponents within SAP environments.
  • Learn how to perform a code vulnerability analysis to identify and classify flaws, then prioritize which ones to tackle first. In addition, you will gain a deeper understanding of how to resolve vulnerabilities in line with best practices.
  • You will gain a deeper understanding of processes, controls, and techniques that help you develop more secure code from the beginning.
  • Learn which security flaws need to be communicated to stakeholders during the software development life-cycle and the best way to get in the habit of notifying others about missing or insufficient security requirements and design flaws in the review and testing phases.

Course Information

  • Number of Modules: 7
  • Duration: 2 half-days, 7 hours total (day 1 9:00 - 13:00, day 2 9:00 - 12:00 CET)
  • Class Size: 7-14 participants per class
  • Investment: 700 EUR per person, taxes excluded
  • Software Version: Unrestricted
  • Instructor: Marco Hammel, Co-Founder of NO MONKEY
  • Security Skill Matrix: IYPT-C

Modules Covered in Online Class:

  1. Fundamental aspects of code security for ABAP® applications
  2. Fundamental protection concepts for ABAP® applications
  3. Directory/Path Traversal Vulnerabilities
  4. OS Command Injection Vulnerabilities
  5. Dynamic Execution Vulnerabilities
  6. SQL Injection Vulnerabilities
  7. ABAP® Code Injection Vulnerabilities

*NO MONKEY SAP Security training content references existing standards for application security such as OWASP, NIST, and SAP recommendations.

Who’s a Good Fit

SAP Operations

  • ABAP® Developer
  • Developer Consultant

IT Security

  • Code Security Consultant
  • Application Security Expert

NIST/NICE Cybersecurity Workforce Framework Work Roles

  • SAP Software Developer (SP-DEV-001)
  • SAP Secure Software Assessor (SP-DEV-002)
  • SAP Information Systems Security Developer (SP-SYS-001)
  • SAP Systems Developer (SP-SYS-002)
  • SAP Security Control Assessor (SP-RSK-002)

Who Else Might Be A Good Fit

If you’re working as a penetration tester or IT auditor and want to understand in more detail what risk security flaws in ABAP® applications can expose an SAP system to, this training will give you insights to broaden your assessment scope and enable you to provide more specific risk advice and remediation recommendations.

Prerequisites

Mandatory

  • General knowledge of application software programming

Recommended

  • Basic understanding of SAP remote services and their security constraints
  • Fundamental knowledge of SAP ABAP® security design flaws

Helpful

  • Common knowledge about SAP NetWeaver® based ABAP® application programming

Practice Environment Tools

For this course you will practice in a lab environment hosted by us. The lab provides access to an SAP S/4HANA® system running real-world related ABAP® applications that contain the vulnerabilities covered in the class. You access the environment through a virtual desktop system with all necessary tools installed.

In addition you will need:

  • HTML5-ready browser, preferably Edge, Chrome, or Firefox
  • (Optional) Zoom client

Reach out to us to book a training for you or your team!

Read Our Customer Success Story

"Let me first say that I had some previous contact with other SAP-related trainings, but this one was by far the best. One can clearly see that you are a knowledgeable trainer with a wide array of expertise, willing to sidetrack interesting topics as they arrive."

Alexander Meier, Team Lead SAP Security Services at SEC Consult
