SAP ABAP Security Fundamentals  – That Developers
& Application Security Experts
Need To Know

Live Online Training
Fundamentals of Securing ABAP® Based Business Applications

This class teaches you how to look for security vulnerabilities in ABAP® based business applications, understanding their root causes, what to do when you find them, and how to avoid creating them. In two four-hour sessions you will learn to detect code security flaws in the ABAP® programming language that result in software vulnerabilities. A live instructor will guide you through seven different security modules providing insight from both the attackers and defenders perspectives covering the combination of the most severe and most common security flaws in ABAP® applications. Topics are broken down into bite-sized concepts followed by real-world exercises that allow you to directly apply what you’ve learned.
Duration

7 hours

Live instructor

Learners

Maximum 14 Learners

Access and Infrastructure

Certification

 Certificate Upon Completion

Price

€ 700
per learner

Who’s a Good Fit

 ABAP® Developer
 Developer Consultant
Code Security Consultant
Application Security Expert

A Taste of What You Will Learn:

  • You will learn the prevailing security flaws and threats facing ABAP® code and the most important drivers of security and their opponents within SAP environments
  • Learn how to perform a code vulnerability analysis to identify and classify flaws then prioritize which ones to tackle first. In addition, you will gain a deeper understanding of how to resolve vulnerabilities in-line with best practices
  • You will gain a deeper understanding of  processes, controls, and techniques that help you develop more secure code from the beginning
  • Learn which security flaws need to be communicated to stakeholders during the software development life-cycle and the best way to get in the habit of notifying others about missing or insufficient security requirements and design flaws in the review and testing phases

Course Information

Overview
Who's a Good Fit
Prerequisites
Practice Environment Tools

SAP Operations

  • ABAP® Developer
  • Developer Consultant

IT Security

  • Code Security Consultant
  • Application Security Expert

Who Else Might Be A Good Fit

If you're working as a penetration tester, or IT auditor and want to understand more in detail what risk an SAP system can expose by security flaws in ABAP® applications this training will provide you insights to broaden your assessment scope and enable you to create more specific risk advise and remediation recommendation. 

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role TitleWork Role ID
SAP Software DeveloperSP-DEV-001
SAP Secure Software AssessorSP-DEV-002
SAP Information Systems Security Developer SP-SYS-001
SAP Systems Developer SP-SYS-002
SAP Security Control AssessorSP-RSK-002

Mandatory:

  • General knowledge on application software programming

Recommended:

  • Basic understanding of SAP remote services and their security constraints
  • Fundamental knowledge of SAP ABAP® security design flaws

Helpful:

  • Common knowledge about SAP NetWeaver® based ABAP® application programming

SAP Security Training Overview

Number of Modules: 7
Duration: 2 half-days, 7 hours total, (day 1 9:00 - 13:00, day 2 9:00 - 12:00)
Class Size: 7-14 participants per class
Investment: €700 per person (excluding taxes)
Software Version: Unrestricted
Instructor: Marco Hammel
Modules Covered in Online Class:
  • Fundamental aspects of code security for ABAP® applications
  • Fundamental protection concepts for ABAP® applications
  • Directory/Path Traversal Vulnerabilities
  • OS Command Injection Vulnerabilities
  • Dynamic Execution Vulnerabilities
  • SQL Injections Vulnerabilities
  • ABAP® Code Injection Vulnerabilities
 *NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST, and SAP recommendations.

Standard:

For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA® system running real-world related ABAP® applications with the vulnerabilities we're to learn about. You can access to environment by a virtual desktop system with all necessary tools installed.

In addition you will need:

  • HTML 5 ready Browser preferably Edge, Chrome, Firefox 
  • (Optional) Zoom client