SAP ABAP Security Fundamentals  – That Developers & Application Security Experts Need To Know

Live Online Training
Fundamentals of Securing ABAP® Based Business Applications

This class teaches you how to look for security vulnerabilities in ABAP® based business applications, understanding their root causes, what to do when you find them, and how to avoid creating them. In two four-hour sessions you will learn to detect code security flaws in the ABAP® programming language that result in software vulnerabilities. A live instructor will guide you through seven different security modules providing insight from both the attackers and defenders perspectives covering the combination of the most severe and most common security flaws in ABAP® applications. Topics are broken down into bite-sized concepts followed by real-world exercises that allow you to directly apply what you’ve learned.


7 hours

Live instructor


Maximum 14

Access and Infrastructure


 Certificate Upon Completion


April 17th, 2023

Who’s a Good Fit

 ABAP® Developer

 Developer Consultant

Code Security Consultant

Application Security Expert

A Taste of What You Will Learn:

  • You will learn the prevailing security flaws and threats facing ABAP® code and the most important drivers of security and their opponents within SAP environments
  • Learn how to perform a code vulnerability analysis to identify and classify flaws then prioritize which ones to tackle first. In addition, you will gain a deeper understanding of how to resolve vulnerabilities in-line with best practices.
  • You will gain a deeper understanding of  processes, controls, and techniques that help you develop more secure code from the beginning.
  • Learn which security flaws need to be communicated to stakeholders during the software development life-cycle and the best way to get in the habit of notifying others about missing or insufficient security requirements and design flaws in the review and testing phases.

Course Information

Who's a Good Fit
Practice Environment Tools

SAP Security Training Overview

Number of Modules: 7
Duration: 2 half-days, 7 hours total, (day 1 9:00 - 13:00, day 2 9:00 - 12:00)
Class Size: 7-14 participants per class
Investment: 700 EUR per person taxes excluded
Software Version: Unrestricted
Instructor: Marco Hammel

Modules Covered in Online Class:

  • Fundamental aspects of code security for ABAP® applications
  • Fundamental protection concepts for ABAP® applications
  • Directory/Path Traversal Vulnerabilities
  • OS Command Injection Vulnerabilities
  • Dynamic Execution Vulnerabilities
  • SQL Injections Vulnerabilities
  • ABAP® Code Injection Vulnerabilities

 *NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST, and SAP recommendations.

SAP Operations

  • ABAP® Developer

  • Developer Consultant

IT Security

  • Code Security Consultant

  • Application Security Expert

NIST/NICE Cybersecurity Workforce Framework Work Roles
Work Role Title Work Role ID
SAP Software Developer SP-DEV-001
SAP Secure Software Assessor SP-DEV-002
SAP Information Systems Security Developer SP-SYS-001
SAP Systems Developer SP-SYS-002
SAP Security Control Assessor SP-RSK-002

Who Else Might Be A Good Fit

  • If you're working as a penetration tester, or IT auditor and want to understand more in detail what risk an SAP system can expose by security flaws in ABAP® applications this training will provide you insights to broaden your assessment scope and enable you to create more specific risk advise and remediation recommendation. 


  • General knowledge on application software programming


  • Basic understanding of SAP remote services and their security constraints
  • Fundamental knowledge of SAP ABAP® security design flaws


  • Common knowledge about SAP NetWeaver® based ABAP® application programming

For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA® system running real-world related ABAP® applications with the vulnerabilities we're to learn about. You can access to environment by a virtual desktop system with all necessary tools installed.

In addition you will need:

HTML 5 ready Browser preferably Edge, Chrome, Firefox 

(Optional) Zoom client