Synonym(s): SAP Basis Consulting, Consulting
An important area of SAP Security is the analysis of the customer's own SAP programs, which are classically written in the proprietary SAP language ABAP. Here, too, as in all programming languages, security vulnerabilities can be programmed - whether consciously or unconsciously. However, the patterns of security vulnerabilities in ABAP code differ from those in Java stacks or Windows programs. The goal of these conventional programs is usually to either crash the program (buffer overflow) or to artificially execute the program's own code (code injection). Both is not possible in ABAP, since a crash of a process causes nothing else than the creation of an entry in the log database (Dump ST22) and a subsequent termination of the report with return to the menu starting point. So a direct manipulation as in other high level languages or servers is not possible. However, there are other manipulation possibilities.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
SAP administrators are present wherever SAP systems are used. This is now true for many industries and business sectors. SAP systems can be found in the areas of accounting, cost accounting, activity-based costing and controlling. In all of these areas, they ensure smooth operation and further development, helping the company to make internal processes more efficient and thus save costs and resources.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
Although you always make sure that authorization roles are generated when administering them, it happens again and again that there are red lights in the user assignment in the production systems. Have you considered user matching?
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
In addition, there is the ACL file secinfo, which allows to configure which users can start an external programme.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Different customers have different support requirements and concepts.