Preface – This post is part of the SAP Multi-Target Application (MTA) and SAP CAPM series.
Table of Contents
In SAP CAPM and MTA, the security can be taken care using the implementation of best SAP standard practices and using SAP Infrastructure. The entire application is divided into multiple layers such that the user cannot access the database layer or business logic directly from the browser.
The implementation is an important aspect of security execution. That’s why it has been divided into multiple parts:
The role of the developer is to implement the security aspects wherever required. In case any external API is implemented, he must get it reviewed. Also, in case if a security issue is found, then a proper solution is provided to the developer, and he must implement the same.
The role of the reviewer is to analyze the security of the infrastructure and the services within it. Once the developer completes its development, the entire project is once reviewed and then sent to the tester for further analysis.
- Penetration Testing
The penetration testing team performs pen tests using different scenarios and possible ways of intrusion. Based on their analysis, either they mark it passed or come back with issues. These issues are then checked by developers and, once solved, again tested by the tester until the entire application is secure.
Use Case in CAPM and MTA
Malware check-in Server-Side
With the help of a malware scanner in Node.js, the documents and files sent to the server are scanned before passing them to the database.
Encryption & Decryption in Server and Client-side
The passwords and other important data are encrypted using a standard encryption mechanism
Destination in Cloud platform
Destination in Cloud platform not only helps in implementation of CORS services but also hides the visibility of important service location from users
The role-based access helps the developer to keep the data safe from unwanted users. The roles are specific to an application, and it is mandatory for the user to have it for access.