Buffer Analysis
What is the structure of SAP Basis?
An important area of SAP Security is the analysis of the customer's own SAP programs, which are classically written in the proprietary SAP language ABAP. Here, too, as in all programming languages, security vulnerabilities can be programmed - whether consciously or unconsciously. However, the patterns of security vulnerabilities in ABAP code differ from those in Java stacks or Windows programs. The goal of these conventional programs is usually to either crash the program (buffer overflow) or to artificially execute the program's own code (code injection). Both is not possible in ABAP, since a crash of a process causes nothing else than the creation of an entry in the log database (Dump ST22) and a subsequent termination of the report with return to the menu starting point. So a direct manipulation as in other high level languages or servers is not possible. However, there are other manipulation possibilities.
Depending on whether the user should edit or display the table, either "UPDATE" or "SHOW" can be used here. Enter an X as the value. It is important to use either"'SHOW" or "UPDATE" because a combination will cause an error when calling the parameter transaction. In addition, the table must set the view to be called. Use the "VIEW" field. Finally, the parameter transaction can be created using the "Save" button. As usual, it must be assigned to a package and a workbench order to become available. If a person's role is now assigned permission for this parameter transaction, it can open the specified view above it and does not have the ability to enter all possible views in the SM30.
SAP Development
Information technology plays an even more important role in the age of digitalisation. Innovation without IT is unimaginable. But it is not just technology itself, but also how it is delivered that matters. The SAP basis sees itself as a partner and contact for new SAP technologies. Further details on the recommendation can be found in the Master's thesis in chapters 7.5 and 9.3.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
The website "www.sap-corner.de" offers many useful information about SAP basis.
This transaction is transferred to the network or to the miner and is checked for correctness first.