SAP application security learning guide
Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com.
This guide was created in partnership between:
SearchSAP.com SearchAppSecurity.com
Also, don't forget to send us an e-mail to let us know what other resource guides you'd like to see on SearchSAP.com.
Best regards,
The editors of SearchSAP.com and SearchAppSecurity.com
TABLE OF CONTENTS
- Featured Topic>Securing SAP (SearchSAP.com)
- Featured Topic>SAP security (SearchSAP.com)
- Guide>SAP Security Learning Guide (SearchSAP.com)
- Report>Securing applications -- The new frontier in security (SearchAppSecurity.com)
- Report>About the Open Web Application Security Project (SearchAppSecurity.com)
- Q&A>Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)
- Expert advice>SAP security vs. others (SearchSAP.com)
- Expert advice>Best security practices for large SAP installations (SearchSAP.com)
- Expert advice>Common SAP security practices (SearchSAP.com)
- Expert advice>Basics of application security (SearchSecurity.com)
- Quiz>Web application threats and vulnerabilities (SearchSecurity.com)
- Article>Are you using security technology effectively? (SearchSecurity.com)
Web application threats
- Featured Topic>How to counter cross-site scripting attacks (SearchAppSecurity.com)
- Featured Topic>Don't become a victim of SQL injection (SearchAppSecurity.com)
- Tip>Avoid the hazards of unvalidated Web application input (SearchAppSecurity.com)
- Tip>Block and reroute denial-of-service attacks (SearchAppSecurity.com)
- Tip>Deal with cross-site scripting (SearchAppSecurity.com)
- Tip>Which key is which? (SearchAppSecurity.com)
- Tip>Improper error handling (SearchAppSecurity.com)
- Tip>Defense tactics for SQL injection attacks (SearchAppSecurity.com)
- Tip>Cryptography basics for infosecurity managers (SearchAppSecurity.com)
- Tip>Anatomy of a hack: Cross-site scripting (SearchAppSecurity.com)
- Tip>You can prevent buffer-overflow attacks (SearchSecurity.com)
- Tip>Buffer-overflow attacks: How do they work? (SearchSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 11: Session Management (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 12: Data Validation (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 13: Interpreter Injection (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 15: Error Handling, Auditing and Logging (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 17: Buffer Overflows (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 19: Cryptography (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 20: Configuration (SearchAppSecurity.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 22: Denial of Service Attacks (SearchAppSecurity.com)
- Q&A>Automated SQL injection: What your enterprise needs to know -- Part 2 (SearchSecurity.com)
Authentication and Authorisation
- Tip>SAP authorisations (SearchSAP.com)
- Tip>Prevent password change (SearchSAP.com)
- Tip>Parameters for establishing SAP password policies (SearchSAP.com)
- Tip>Securing Web apps against authenticated users (SearchAppSecurity.com)
- Tip>Authentication and access (SearchSecurity.com)
- Tip>Password policy worst practices (SearchSecurity.com)
- Featured Topic>SAP passwords revealed (SearchSAP.com)
- Expert advice>SAP authorisation and security classes (SearchSAP.com)
- Expert advice>Assigning limited password reset-authority (SearchSAP.com)
- Quiz>Secure passwords (SearchSecurity.com)
- Quiz>Authentication methods (SearchSecurity.com)
Web services
- Expert advice>Why do Web services impact security? (SearchAppSecurity.com)
- Featured Topic>SAP security (SearchSAP.com)
- Chapter>OWASP Guide to Building Secure Web Applications, 8: Web Services (SearchAppSecurity.com)
- News>January, 2006: Put Web services security on front burner (SearchAppSecurity.com)
- News>January, 2006: Analyst: Start thinking Web services security now (SearchWebServices.com)
- News>October, 2005: Web services security specs hit the standards track (SearchWebServices.com)
- News>August, 2005: Web services security standards to establish trust (SearchWebServices.com)
- News>July, 2005: Web services security getting greater scrutiny (SearchWebServices.com)
SAP vulnerability analysis
- Featured Topic>Securing SAP (SearchSAP.com)
- Expert advice>Security concerns when upgrading from v.3.1 to v.4.6x (SearchSAP.com)
- Expert advice>Was a security role removed in R/3 Enterprise? (SearchSAP.com)
- Expert advice>What's the best tool to get started on security testing? (SearchAppSecurity.com)
- Expert advice>Are my apps secure? (SearchAppSecurity.com)
- Expert advice>Reason for application vulnerabilities (SearchAppSecurity.com)
- Tip>Establishing security parameters (SearchSAP.com)
- Tip>Are you leaving your apps open to attack? (SearchAppSecurity.com)
- Tip>Judicious use of tips (SearchSAP.com)
- Tip>Vulnerability assessment: Leave the scanning to someone else? (SearchAppSecurity.com)
- News>November, 2005: Flaw opens SAP Web Application Server to phishing scams (SearchSAP.com)
- News>July, 2005: Customers warned of critical SAP flaw (SearchSAP.com)
- News>Feb, 2006: Web application firewalls critical piece of the app security puzzle (SearchAppSecurity.com)
Standards and Regulations
- Guide>SOX Security School (SearchSecurity.com)
- Guide>Compliance management (SearchSAP.com)
- Quiz>Compliance (SearchSecurity.com)
- News>March, 2005: SAP to bolster compliance with reseller partnership (SearchSAP.com)
RFID
- Featured Topic>RFID on the rise? (SearchSAP.com)
- Guide>SAP RFID (SearchSAP.com)
- Expert advice>Is RFID ready for primetime? (SearchSAP.com)
- Q&A>Face-off: Debating RFID (SearchSAP.com)
- Q&A>RFID secrets: SAP customers ready systems for RFID (SearchSAP.com)
- News>April, 2005: Suppliers must look beyond RFID compliance, analyst says (SearchSAP.com)
- News>April, 2005: SAP advises to take RFID one step at a time (SearchSAP.com)
- News>April, 2005: Will new RFID technology help or hinder security? (SearchSecurity.com)
Countermeasures
- Expert advice>What kinds of app security tools are there? (SearchAppSecurity.com)
- Tip>Block and reroute denial-of-service attacks (SearchSecurity.com)
- Tip>Thwarting Hacker Techniques: Internet data manipulation (SearchSecurity.com)
- Tip>Defense tactics for SQL injection attacks (SearchSecurity.com)
- Tip>You can prevent buffer-overflow attacks (SearchSecurity.com)
Vulnerability management
- Guide>Compliance management (SearchSAP.com)
- Expert advice>Establishing security parameters (SearchSAP.com)
- Expert advice>Mass changing of SAP passwords (SearchSAP.com)
- Expert advice>Best practices for managing secure Web server configurations (SearchAppSecurity.com)
- Expert advice>Beware: Security testing tools won't find everything (SearchAppSecurity.com)
- Expert advice>Best practices for password protection (SearchSecurity.com)
- Tip>Introduction to J2EE-based WebSphere security (SearchAppSecurity.com)
Disaster recovery
- Tip>Disaster recovery (SearchSAP.com)
- Tip>Disaster recover spending -- How much is enough? (SearchSAP.com)
- Tip>BCP plans key to emergency planning (SearchSAP.com)
- Guide>Disaster recovery: Are you prepared? (SearchSAP.com)
- Article>Patching the patch process (SearchSAP.com)
- Q&A>How to survive a data breach (SearchSecurity.com)
- Tip>Concerns raised on tape backup methods (SearchSecurity.com)
- Tip>Restore a back-up tape and recover usable data (SearchSecurity.com)
- Tip>Disaster recovery/business continuity plans (SearchSecurity.com)
- Webcast>Evaluating and using wireless to enable crisis management (SearchSecurity.com)
Deploying applications securely
- White paper>The do's and don'ts of SAP security (SearchSAP.com)
- Expert advice>What is the best way to encrypt messages? (SearchSAP.com)
- Guide>SearchSecurity.com's Web Security School (SearchSecurity.com)
- News>August, 2005: Dos and don'ts: Ensuring apps security from the get-go (SearchOpenSource.com)
Incorporating security in the software development lifecycle
- Q&A>Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)
- News>January, 2006: Incorporation of security in development lifecycle sea of change (SearchAppSecurity.com)
- News>January, 2006: Build accountability for security into the development process (SearchAppSecurity.com)
- Expert advice>Are development security tools necessary? (SearchAppSecurity.com)
- Expert advice>The methodology of software creation/distribution (SearchAppSecurity.com)
- Learning Guide>SAP Security Learning Guide (SearchSAP.com)
- Learning Guide>Top 10 most critical Web application security vulnerabilities (SearchAppSecurity.com)
- Learning Guide>SAP CRM Learning Guide (SearchSAP.com)
- Learning Guide>ERP guide for the midmarket (SearchSAP.com)
- Learning Guide>SAP Job Seeker's Learning Guide (SearchSAP.com)
- Learning Guide>SAP Career Advancement Learning Guide (SearchSAP.com)
- Learning Guide>SAP NetWeaver Learning Guide (SearchSAP.com)
- Learning Guide>SAP BW Learning Guide (SearchSAP.com)
- Learning Guide>Business Intelligence (BI) Learning Guide (SearchSAP.com)
- Learning Guide>SAP HR Learning Guide (SearchSAP.com)
- Learning Guide>SAP XI Learning Guide (SearchSAP.com)
- Learning Guide>SAP RFID Learning Guide (SearchSAP.com)
- Learning Guide>BAPI Learning Guide (SearchSAP.com)
- Learning Guide>Basis Learning Guide (SearchSAP.com)
- Learning Guide>Firewall Resource Guide (SearchSecurity.com)
- Learning Guide>HIPAA Learning Guide (SearchSecurity.com)
- Learning Guide>VoIP Security Resource Guide (SearchSecurity.com)