
	Home > SAP application security learning guide

Learning Guide:

EMAIL THIS

SAP application security learning guide

13 Feb 2006 | SearchAppSecurity.com and SearchSAP.com

Software quality news and advice

Digg This! StumbleUpon Del.icio.us

This guide was created in partnership between:

If you're like most IT professionals, security is at the forefront of your concerns. This learning guide pulls SAP security and application security information from both SearchSAP.com and its sister site, SearchAppSecurity.com, to provide the most comprehensive resource around. Discover valuable tips, expert advice and step-by-step guides to help you establish security best practices. Most importantly, you can rest easy, knowing your SAP system and applications are secure.

Also, don't forget to send us an e-mail to let us know what other resource guides you'd like to see on SearchSAP.com.

Best regards,
The editors of SearchSAP.com and SearchAppSecurity.com

TABLE OF CONTENTS

   Fundamentals of SAP security and app security
   Threats to security
   Analysis
   Action
   More Learning Guides

  Fundamentals of SAP security and app security

[Return to Table of Contents]

Featured Topic>Securing SAP (SearchSAP.com)

Featured Topic>SAP security (SearchSAP.com)

Guide>SAP Security Learning Guide (SearchSAP.com)

Report>Securing applications -- The new frontier in security (SearchAppSecurity.com)

Report>About the Open Web Application Security Project (SearchAppSecurity.com)

Q&A>Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

Expert advice>SAP security vs. others (SearchSAP.com)

Expert advice>Best security practices for large SAP installations (SearchSAP.com)

Expert advice>Common SAP security practices (SearchSAP.com)
Expert advice>Basics of application security (SearchSecurity.com)

Quiz>Web application threats and vulnerabilities (SearchSecurity.com)

Article>Are you using security technology effectively? (SearchSecurity.com)

Threats to security

[Return to Table of Contents]

Web application threats

Featured Topic>How to counter cross-site scripting attacks (SearchAppSecurity.com)

Featured Topic>Don't become a victim of SQL injection (SearchAppSecurity.com)

Tip>Avoid the hazards of unvalidated Web application input (SearchAppSecurity.com)

Tip>Block and reroute denial-of-service attacks (SearchAppSecurity.com)

Tip>Deal with cross-site scripting (SearchAppSecurity.com)

Tip> Which key is which? (SearchAppSecurity.com)

Tip>Improper error handling (SearchAppSecurity.com)

Tip>Defense tactics for SQL injection attacks (SearchAppSecurity.com)

Tip>Cryptography basics for infosecurity managers (SearchAppSecurity.com)

Tip>Anatomy of a hack: Cross-site scripting (SearchAppSecurity.com)

Tip>You can prevent buffer-overflow attacks (SearchSecurity.com)

Tip>Buffer-overflow attacks: How do they work? (SearchSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 11: Session Management (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 12: Data Validation (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 13: Interpreter Injection (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 15: Error Handling, Auditing and Logging (SearchAppSecurity.com)
Chapter>OWASP Guide to Building Secure Web Applications, 17: Buffer Overflows (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 19: Cryptography (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 20: Configuration (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 22: Denial of Service Attacks (SearchAppSecurity.com)

Q&A>Automated SQL injection: What your enterprise needs to know -- Part 2 (SearchSecurity.com)

Authentication and Authorization

Tip>SAP authorizations (SearchSAP.com)
Tip>Prevent password change (SearchSAP.com)
Tip>Parameters for establishing SAP password policies (SearchSAP.com)
Tip>Securing Web apps against authenticated users (SearchAppSecurity.com)
Tip>Authentication and access (SearchSecurity.com)
Tip>Password policy worst practices (SearchSecurity.com)
Featured Topic>SAP passwords revealed (SearchSAP.com)
Expert advice>SAP authorization and security classes (SearchSAP.com)
Expert advice>Assigning limited password reset-authority (SearchSAP.com)
Quiz>Secure passwords (SearchSecurity.com)
Quiz>Authentication methods (SearchSecurity.com)

Web services

Expert advice>Why do Web services impact security? (SearchAppSecurity.com)

Featured Topic>SAP security (SearchSAP.com)

Chapter>OWASP Guide to Building Secure Web Applications, 8: Web Services (SearchAppSecurity.com)

News>January, 2006: Put Web services security on front burner (SearchAppSecurity.com)

News>January, 2006: Analyst: Start thinking Web services security now (SearchWebServices.com)

News>October, 2005: Web services security specs hit the standards track (SearchWebServices.com)

News>August, 2005: Web services security standards to establish trust (SearchWebServices.com)

News>July, 2005: Web services security getting greater scrutiny (SearchWebServices.com)

Analysis

[Return to Table of Contents]

SAP vulnerability analysis

Featured Topic>Securing SAP (SearchSAP.com)

Expert advice>Security concerns when upgrading from v.3.1 to v.4.6x (SearchSAP.com)

Expert advice>Was a security role removed in R/3 Enterprise? (SearchSAP.com)

Expert advice>What's the best tool to get started on security testing? (SearchAppSecurity.com)

Expert advice>Are my apps secure? (SearchAppSecurity.com)

Expert advice>Reason for application vulnerabilities (SearchAppSecurity.com)

Tip>Establishing security parameters (SearchSAP.com)

Tip>Are you leaving your apps open to attack? (SearchAppSecurity.com)

Tip>Judicious use of tips (SearchSAP.com)

Tip>Vulnerability assessment: Leave the scanning to someone else? (SearchAppSecurity.com)

News>November, 2005: Flaw opens SAP Web Application Server to phishing scams (SearchSAP.com)

News>July, 2005: Customers warned of critical SAP flaw (SearchSAP.com)

News>Feb, 2006: Web application firewalls critical piece of the app security puzzle (SearchAppSecurity.com)

Standards and Regulations

Guide>SOX Security School (SearchSecurity.com)

Guide>Compliance management (SearchSAP.com)

Quiz> Compliance (SearchSecurity.com)

News>March, 2005: SAP to bolster compliance with reseller partnership (SearchSAP.com)

RFID

Featured Topic>RFID on the rise? (SearchSAP.com)
Guide>SAP RFID (SearchSAP.com)
Expert advice>Is RFID ready for primetime? (SearchSAP.com)
Q&A>Face-off: Debating RFID (SearchSAP.com)
Q&A>RFID secrets: SAP customers ready systems for RFID (SearchSAP.com)

News>April, 2005: Suppliers must look beyond RFID compliance, analyst says (SearchSAP.com)

News>April, 2005: SAP advises to take RFID one step at a time (SearchSAP.com)
News>April, 2005: Will new RFID technology help or hinder security? (SearchSecurity.com)

Action

[Return to Table of Contents]

Countermeasures

Expert advice>What kinds of app security tools are there? (SearchAppSecurity.com)

Tip>Block and reroute denial-of-service attacks (SearchSecurity.com)

Tip>Thwarting Hacker Techniques: Internet data manipulation (SearchSecurity.com)

Tip>Defense tactics for SQL injection attacks (SearchSecurity.com)

Tip>You can prevent buffer-overflow attacks

Vulnerability management

Guide>Compliance management (SearchSAP.com)

Expert advice>Establishing security parameters (SearchSAP.com)

Expert advice>Mass changing of SAP passwords (SearchSAP.com)

Expert advice>Best practices for managing secure Web server configurations (SearchAppSecurity.com)

Expert advice>Beware: Security testing tools won't find everything (SearchAppSecurity.com)

Expert advice>Best practices for password protection (SearchSecurity.com)

Tip>Introduction to J2EE-based WebSphere security (SearchAppSecurity.com)

Disaster recovery

Tip>Disaster recovery (SearchSAP.com)

Tip>Disaster recover spending -- How much is enough? (SearchSAP.com)

Tip>BCP plans key to emergency planning (SearchSAP.com)

Guide>Disaster recovery: Are you prepared? (SearchSAP.com)

Article>Patching the patch process (SearchSAP.com)

Q&A>How to survive a data breach (SearchSecurity.com)

Tip>Concerns raised on tape backup methods (SearchSecurity.com)
Tip>Restore a back-up tape and recover usable data (SearchSecurity.com)

Tip>Disaster recovery/business continuity plans (SearchSecurity.com)

Webcast>Evaluating and using wireless to enable crisis management (SearchSecurity.com)

Deploying applications securely

White paper>The do's and don'ts of SAP security (SearchSAP.com)

Expert advice>What is the best way to encrypt messages? (SearchSAP.com)

Guide>SearchSecurity.com's Web Security School (SearchSecurity.com)

News>August, 2005: Dos and don'ts: Ensuring apps security from the get-go (SearchOpenSource.com)

Incorporating security in the software development lifecycle

Q&A>Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

News>January, 2006: Incorporation of security in development lifecycle sea of change (SearchAppSecurity.com)

News>January, 2006: Build accountability for security into the development process (SearchAppSecurity.com)

Expert advice>Are development security tools necessary? (SearchAppSecurity.com)

Expert advice>The methodology of software creation/distribution (SearchAppSecurity.com)

More learning guides

[Return to Table of Contents]

Learning Guide>SAP Security Learning Guide (SearchSAP.com)

Learning Guide>Top 10 most critical Web application security vulnerabilities (SearchAppSecurity.com)

Learning Guide>SAP CRM Learning Guide (SearchSAP.com)

Learning Guide>ERP guide for the midmarket (SearchSAP.com)
Learning Guide>SAP Job Seeker's Learning Guide (SearchSAP.com)
Learning Guide>SAP Career Advancement Learning Guide (SearchSAP.com)
Learning Guide>SAP NetWeaver Learning Guide (SearchSAP.com)
Learning Guide>SAP BW Learning Guide (SearchSAP.com)
Learning Guide>Business Intelligence (BI) Learning Guide (SearchSAP.com)
Learning Guide>SAP HR Learning Guide (SearchSAP.com)
Learning Guide>SAP XI Learning Guide (SearchSAP.com)
Learning Guide>SAP RFID Learning Guide (SearchSAP.com)
Learning Guide>BAPI Learning Guide (SearchSAP.com)
Learning Guide>Basis Learning Guide (SearchSAP.com)
Learning Guide>Firewall Resource Guide (SearchSecurity.com)
Learning Guide>HIPAA Learning Guide (SearchSecurity.com)
Learning Guide>VoIP Security Resource Guide (SearchSecurity.com)

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Building security into the SDLC (Software development life cycle)
	Application security careers have bright future
	Writing software requirements that address security issues
	Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
	PCI DSS compliance: Web application firewall or code review?
	Application security enters uncharted regions
	How to prevent XPath injection
	Developers get bigger role in software quality, security
	InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
	How to prevent anti-DNS pinning attacks
	Java application security features and measures

Threat modeling

The essentials of Web application threat modeling

How to implement security in Java EE and Java ME

Application security shouldn't involve duct tape, Band-Aids or bubble gum

Stop SQL injection attacks on applications

How to counter XSS attacks

Breaking the same origin barrier of JavaScript

Protection against "zero-minute" exploits

Denial of service and Ajax

CSRF attack vector with Ajax serialization

Application security in 2007: What you need to know

Software security testing and techniques

The realities of using WAFs for PCI DSS 6.6 compliance

The realities of PCI DSS 6.6 application code reviews

Ruby on Rails security audit service available

Application security careers have bright future

Secure software measures: Their strengths and limitations

PCI DSS compliance: Web application firewall or code review?

Web application security testing basics

Getting started with Web application misuse cases

OWASP kicks off Summer of Code 2008

Video: Classification, detection of application backdoor attacks

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy