Preface – This post is part of the SAP Multi-Target Application (MTA) and SAP CAPM series.
Table of Contents
Introduction
In SAP CAPM and MTA, the security can be taken care using the implementation of best SAP standard practices and using SAP Infrastructure. The entire application is divided into multiple layers such that the user cannot access the database layer or business logic directly from the browser.
Implementation
The implementation is an important aspect of security execution. That’s why it has been divided into multiple parts:
- Development
The role of the developer is to implement the security aspects wherever required. In case any external API is implemented, he must get it reviewed. Also, in case if a security issue is found, then a proper solution is provided to the developer, and he must implement the same.
- Review
The role of the reviewer is to analyze the security of the infrastructure and the services within it. Once the developer completes its development, the entire project is once reviewed and then sent to the tester for further analysis.
- Penetration Testing
The penetration testing team performs pen tests using different scenarios and possible ways of intrusion. Based on their analysis, either they mark it passed or come back with issues. These issues are then checked by developers and, once solved, again tested by the tester until the entire application is secure.
Use Case in CAPM and MTA
Malware check-in Server-Side
With the help of a malware scanner in Node.js, the documents and files sent to the server are scanned before passing them to the database.
Encryption & Decryption in Server and Client-side
The passwords and other important data are encrypted using a standard encryption mechanism
Destination in Cloud platform
Destination in Cloud platform not only helps in implementation of CORS services but also hides the visibility of important service location from users
Role-based access
The role-based access helps the developer to keep the data safe from unwanted users. The roles are specific to an application, and it is mandatory for the user to have it for access.
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sundanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
0 Comments