Home
Topics
Software Requirements Best Practices
Building security into the SDLC (Software development life cycle)
SAP application security learning guide

SAP application security learning guide

This guide was created in partnership between:

If you're like most IT professionals, security is at the forefront of your concerns. This learning guide

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

pulls SAP security and application security information from both SearchSAP.com and its sister site, SearchAppSecurity.com, to provide the most comprehensive resource around. Discover valuable tips, expert advice and step-by-step guides to help you establish security best practices. Most importantly, you can rest easy, knowing your SAP system and applications are secure.

Also, don't forget to send us an e-mail to let us know what other resource guides you'd like to see on SearchSAP.com.

Best regards,
The editors of SearchSAP.com and SearchAppSecurity.com

TABLE OF CONTENTS

   Fundamentals of SAP security and app security
   Threats to security
   Analysis
   Action
   More Learning Guides

Fundamentals of SAP security and app security

[Return to Table of Contents]

Featured Topic>Securing SAP (SearchSAP.com)

Featured Topic>SAP security (SearchSAP.com)

Guide>SAP Security Learning Guide (SearchSAP.com)

Report>Securing applications -- The new frontier in security (SearchAppSecurity.com)

Report>About the Open Web Application Security Project (SearchAppSecurity.com)

Q&A>Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

Expert advice>SAP security vs. others (SearchSAP.com)

Expert advice>Best security practices for large SAP installations (SearchSAP.com)

Expert advice>Common SAP security practices (SearchSAP.com)
Expert advice>Basics of application security (SearchSecurity.com)

Quiz>Web application threats and vulnerabilities (SearchSecurity.com)

Article>Are you using security technology effectively? (SearchSecurity.com)

Threats to security

[Return to Table of Contents]

Web application threats

Featured Topic>How to counter cross-site scripting attacks (SearchAppSecurity.com)

Featured Topic>Don't become a victim of SQL injection (SearchAppSecurity.com)

Tip>Deal with cross-site scripting (SearchAppSecurity.com)

Tip>Anatomy of a hack: Cross-site scripting (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 11: Session Management (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 12: Data Validation (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 13: Interpreter Injection (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 15: Error Handling, Auditing and Logging (SearchAppSecurity.com)
Chapter>OWASP Guide to Building Secure Web Applications, 17: Buffer Overflows (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 19: Cryptography (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 20: Configuration (SearchAppSecurity.com)

Chapter>OWASP Guide to Building Secure Web Applications, 22: Denial of Service Attacks (SearchAppSecurity.com)

Q&A>Automated SQL injection: What your enterprise needs to know -- Part 2 (SearchSecurity.com)

Authentication and Authorization

Tip>SAP authorizations (SearchSAP.com)
Tip>Parameters for establishing SAP password policies (SearchSAP.com)
Tip>Securing Web apps against authenticated users (SearchAppSecurity.com)
Tip>Authentication and access (SearchSecurity.com)
Featured Topic>SAP passwords revealed (SearchSAP.com)
Expert advice>SAP authorization and security classes (SearchSAP.com)
Expert advice>Assigning limited password reset-authority (SearchSAP.com)
Quiz>Secure passwords (SearchSecurity.com)
Quiz>Authentication methods (SearchSecurity.com)

Web services

Expert advice>Why do Web services impact security? (SearchAppSecurity.com)

Featured Topic>SAP security (SearchSAP.com)

Chapter>OWASP Guide to Building Secure Web Applications, 8: Web Services (SearchAppSecurity.com)

News>January, 2006: Put Web services security on front burner (SearchAppSecurity.com)

News>January, 2006: Analyst: Start thinking Web services security now (SearchWebServices.com)

News>October, 2005: Web services security specs hit the standards track (SearchWebServices.com)

News>August, 2005: Web services security standards to establish trust (SearchWebServices.com)

News>July, 2005: Web services security getting greater scrutiny (SearchWebServices.com)

Analysis

[Return to Table of Contents]

SAP vulnerability analysis

Featured Topic>Securing SAP (SearchSAP.com)

Expert advice>Security concerns when upgrading from v.3.1 to v.4.6x (SearchSAP.com)

Expert advice>Was a security role removed in R/3 Enterprise? (SearchSAP.com)

Expert advice>What's the best tool to get started on security testing? (SearchAppSecurity.com)

Expert advice>Are my apps secure? (SearchAppSecurity.com)

Expert advice>Reason for application vulnerabilities (SearchAppSecurity.com)

Tip>Establishing security parameters (SearchSAP.com)

Tip>Are you leaving your apps open to attack? (SearchAppSecurity.com)

Tip>Judicious use of tips (SearchSAP.com)

News>November, 2005: Flaw opens SAP Web Application Server to phishing scams (SearchSAP.com)

News>July, 2005: Customers warned of critical SAP flaw (SearchSAP.com)

News>Feb, 2006: Web application firewalls critical piece of the app security puzzle (SearchAppSecurity.com)

Standards and Regulations

Guide>SOX Security School (SearchSecurity.com)

Guide>Compliance management (SearchSAP.com)

Quiz> Compliance (SearchSecurity.com)

News>March, 2005: SAP to bolster compliance with reseller partnership (SearchSAP.com)

RFID

Featured Topic>RFID on the rise? (SearchSAP.com)
Guide>SAP RFID (SearchSAP.com)
Expert advice>Is RFID ready for primetime? (SearchSAP.com)
Q&A>Face-off: Debating RFID (SearchSAP.com)
Q&A>RFID secrets: SAP customers ready systems for RFID (SearchSAP.com)

News>April, 2005: Suppliers must look beyond RFID compliance, analyst says (SearchSAP.com)

News>April, 2005: SAP advises to take RFID one step at a time (SearchSAP.com)
News>April, 2005: Will new RFID technology help or hinder security? (SearchSecurity.com)

Action

[Return to Table of Contents]

Countermeasures

Expert advice>What kinds of app security tools are there? (SearchAppSecurity.com)

Tip>Defense tactics for SQL injection attacks (SearchSecurity.com)

Vulnerability management

Guide>Compliance management (SearchSAP.com)

Expert advice>Establishing security parameters (SearchSAP.com)

Expert advice>Mass changing of SAP passwords (SearchSAP.com)

Expert advice>Best practices for managing secure Web server configurations (SearchAppSecurity.com)

Expert advice>Beware: Security testing tools won't find everything (SearchAppSecurity.com)

Expert advice>Best practices for password protection (SearchSecurity.com)

Tip>Introduction to J2EE-based WebSphere security (SearchAppSecurity.com)

Disaster recovery

Tip>Disaster recovery (SearchSAP.com)

Tip>Disaster recover spending -- How much is enough? (SearchSAP.com)

Tip>BCP plans key to emergency planning (SearchSAP.com)

Guide>Disaster recovery: Are you prepared? (SearchSAP.com)

Article>Patching the patch process (SearchSAP.com)

Q&A>How to survive a data breach (SearchSecurity.com)

Tip>Concerns raised on tape backup methods (SearchSecurity.com)
Tip>Restore a back-up tape and recover usable data (SearchSecurity.com)

Tip>Disaster recovery/business continuity plans (SearchSecurity.com)

Webcast>Evaluating and using wireless to enable crisis management (SearchSecurity.com)

Deploying applications securely

White paper>The do's and don'ts of SAP security (SearchSAP.com)

Expert advice>What is the best way to encrypt messages? (SearchSAP.com)

Guide>SearchSecurity.com's Web Security School (SearchSecurity.com)

News>August, 2005: Dos and don'ts: Ensuring apps security from the get-go (SearchOpenSource.com)

Incorporating security in the software development lifecycle

Q&A>Keep the bad guys out: Build security into the SDLC (SearchAppSecurity.com)

News>January, 2006: Incorporation of security in development lifecycle sea of change (SearchAppSecurity.com)

News>January, 2006: Build accountability for security into the development process (SearchAppSecurity.com)

Expert advice>Are development security tools necessary? (SearchAppSecurity.com)

More learning guides

[Return to Table of Contents]

Learning Guide>SAP Security Learning Guide (SearchSAP.com)

Learning Guide>Top 10 most critical Web application security vulnerabilities (SearchAppSecurity.com)

Learning Guide>SAP CRM Learning Guide (SearchSAP.com)

Learning Guide>ERP guide for the midmarket (SearchSAP.com)
Learning Guide>SAP Job Seeker's Learning Guide (SearchSAP.com)
Learning Guide>SAP Career Advancement Learning Guide (SearchSAP.com)
Learning Guide>SAP NetWeaver Learning Guide (SearchSAP.com)
Learning Guide>SAP BW Learning Guide (SearchSAP.com)
Learning Guide>Business Intelligence (BI) Learning Guide (SearchSAP.com)
Learning Guide>SAP HR Learning Guide (SearchSAP.com)
Learning Guide>SAP XI Learning Guide (SearchSAP.com)
Learning Guide>SAP RFID Learning Guide (SearchSAP.com)
Learning Guide>BAPI Learning Guide (SearchSAP.com)
Learning Guide>Basis Learning Guide (SearchSAP.com)
Learning Guide>Firewall Resource Guide (SearchSecurity.com)
Learning Guide>HIPAA Learning Guide (SearchSecurity.com)
Learning Guide>VoIP Security Resource Guide (SearchSecurity.com)

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- virtual patching
- SQL injection

This was first published in February 2006

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

SOA
Java
Windows Development
Oracle
Cloud computing
Business Analytics

SOA
- Quiz: How much do you know about NoSQL databases?
  
  Test your NoSQL knowledge with this five-question quiz.
- Architects can meet mobile user needs by altering mindset
  
  Smartphones, tablets and desktop computers don't just differ in screen size; they are different form factors.
- Tools and practices to create a meaningful SOA ALM process
  
  To create a meaningful SOA ALM process, architects have to remember modern apps are increasingly using components.
Java
- Inside advice on the use of Platform as a Service in the enterprise
  
  CloudBees founder and CEO Sacha Labourey answers tough questions and hands out practical advice about PaaS and how it works in the enterprise.
- How skilled portlet developers make the portal strategy work
  
  Portals are providing more value than ever, and having skilled portlet developers on staff brings the technology to new levels.
- Five portlet development tips software engineers can't ignore
  
  Here are five quick portlet development tips that software engineers will find helpful as they develop applications for the portal.
Windows Development
- Native versus JavaScript/HTML5 development for Window 8 apps
  
  Learn the advantages and disadvantages in using HTML5/JavaScript for deployment.
- Technology Priorities for 2012
  
  Each year TechTarget surveys thousands of IT professionals around the world on their company’s forecasts for the coming year. As IT budgets continue through the strain of trying to align themselves with businesses trying to recover from the global recession, the direction of IT’s newest technologies may surprise you.
- Where can I find Visual Basic 6.0 DataEnvironment code samples?
  
  Get information on the best places to find Visual Basic DataEnvironment 6.0 code samples.
Oracle
- Script writing rules for Oracle Hyperion Financial Management
  
  Accountants hate having to play with scripts. In this tip, TopDown Consulting explains how to build script rules so that accountants don't have to.
- Domain-specific Oracle master data management
  
  Oracle master data management products are starting to merge various data management hubs, which is a help in particular vertical industries.
- Privileged user management a must for DBAs
  
  Trust, but verify. Ronald Reagan made it popular, and it's certainly relevant for DBAs in today's consolidated, virtualized IT world.
Cloud computing
- Interest in private clouds grows as market matures
  
  Growing interest in private clouds reflects an improved understanding of cloud computing among IT pros, experts say.
- Building a cloud ecosystem with open source software
  
  The open source community fosters innovation in the name of cloud. OW2's Cédric Thomas talks of 'coopitition' and the open source cloud revolution.
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
Business Analytics
- Match in-memory processing speed to big data analytics business need
  
  Michael Minelli, co-author of a book on big data analytics, says in-memory analytics tools must be tied to business processes to pay off for users.
- MIT panelists: Big data calls for data-driven decision making skills
  
  C-level execs need to develop better decision making skills to capitalize on big data technology, said speakers at the 2013 MIT Sloan CIO Symposium.
- In-memory analytics tools pack potential big data punch
  
  The faster analytics performance spurred by in-memory technology can help companies capitalize on big data, but there are barriers to be aware of.

All Rights Reserved,Copyright 2006 - 2013, TechTarget