SAP application security learning guide

Learn best practices for SAP security and applications security in this learning guide from and

This guide was created in partnership between:


Also, don't forget to send us an e-mail to let us know what other resource guides you'd like to see on

Best regards,
The editors of and


   Fundamentals of SAP security and app security
   Threats to security
   More Learning Guides

  Fundamentals of SAP security and app security

[Return to Table of Contents]

  Threats to security

[Return to Table of Contents]

Web application threats

Authentication and Authorisation

Web services

  • Expert advice>Why do Web services impact security? (
  • Featured Topic>SAP security (
  • Chapter>OWASP Guide to Building Secure Web Applications, 8: Web Services (
  • News>January, 2006: Put Web services security on front burner (
  • News>January, 2006: Analyst: Start thinking Web services security now (
  • News>October, 2005: Web services security specs hit the standards track (
  • News>August, 2005: Web services security standards to establish trust (
  • News>July, 2005: Web services security getting greater scrutiny (


[Return to Table of Contents]

SAP vulnerability analysis

  • Featured Topic>Securing SAP (
  • Expert advice>Security concerns when upgrading from v.3.1 to v.4.6x (
  • Expert advice>Was a security role removed in R/3 Enterprise? (
  • Expert advice>What's the best tool to get started on security testing? (
  • Expert advice>Are my apps secure? (
  • Expert advice>Reason for application vulnerabilities (
  • Tip>Establishing security parameters (
  • Tip>Are you leaving your apps open to attack? (
  • Tip>Judicious use of tips (
  • Tip>Vulnerability assessment: Leave the scanning to someone else? (
  • News>November, 2005: Flaw opens SAP Web Application Server to phishing scams (
  • News>July, 2005: Customers warned of critical SAP flaw (
  • News>Feb, 2006: Web application firewalls critical piece of the app security puzzle (

Standards and Regulations

  • Guide>SOX Security School (
  • Guide>Compliance management (
  • Quiz> Compliance (
  • News>March, 2005: SAP to bolster compliance with reseller partnership (


  • Featured Topic>RFID on the rise? (
  • Guide>SAP RFID (
  • Expert advice>Is RFID ready for primetime? (
  • Q&A>Face-off: Debating RFID (
  • Q&A>RFID secrets: SAP customers ready systems for RFID (
  • News>April, 2005: Suppliers must look beyond RFID compliance, analyst says (
  • News>April, 2005: SAP advises to take RFID one step at a time (
  • News>April, 2005: Will new RFID technology help or hinder security? (


[Return to Table of Contents]


Vulnerability management

  • Guide>Compliance management (
  • Expert advice>Establishing security parameters (
  • Expert advice>Mass changing of SAP passwords (
  • Expert advice>Best practices for managing secure Web server configurations (
  • Expert advice>Beware: Security testing tools won't find everything (
  • Expert advice>Best practices for password protection (
  • Tip>Introduction to J2EE-based WebSphere security (

Disaster recovery

Deploying applications securely

Incorporating security in the software development lifecycle

  • Q&A>Keep the bad guys out: Build security into the SDLC (
  • News>January, 2006: Incorporation of security in development lifecycle sea of change (
  • News>January, 2006: Build accountability for security into the development process (
  • Expert advice>Are development security tools necessary? (
  • Expert advice>The methodology of software creation/distribution (

  More learning guides

[Return to Table of Contents]

If you're like most IT professionals, security is at the forefront of your concerns. This learning guide pulls SAP security and application security information from both and its sister site, , to provide the most comprehensive resource around. Discover valuable tips, expert advice and step-by-step guides to help you establish security best practices. Most importantly, you can rest easy, knowing your SAP system and applications are secure.

Read more on Business applications