Security in SAP MTA and CAPM

Preface – This post is part of the SAP Multi-Target Application (MTA) and SAP CAPM series.


In SAP CAPM and MTA, security is handled by implementing SAP standard best practices and by using SAP infrastructure. The entire application is divided into multiple layers so that the user cannot access the database layer or the business logic directly from the browser.


The implementation is an important aspect of security execution. That’s why it has been divided into multiple parts:

  • Development

The role of the developer is to implement the security aspects wherever required. If any external API is implemented, he must get it reviewed. If a security issue is found, a proper solution is provided to the developer, and he must implement it.

  • Review

The role of the reviewer is to analyze the security of the infrastructure and the services within it. Once the developer completes development, the entire project is reviewed once and then sent to the tester for further analysis.

  • Penetration Testing

The penetration testing team performs pen tests using different scenarios and possible ways of intrusion. Based on their analysis, they either mark the application as passed or come back with issues. These issues are then checked by the developers and, once solved, tested again by the tester until the entire application is secure.


Use Case in CAPM and MTA

Malware Check on the Server Side

With the help of a malware scanner in Node.js, the documents and files sent to the server are scanned before passing them to the database.
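The scan-before-store step described above, as an added example that is not code from the original post: files are persisted only when the scanner explicitly reports them clean, and a failing or slow scanner causes a rejection rather than an unscanned write. The `scanner` and `db` interfaces, the size limit, the timeout and the marker bytes are assumptions made for illustration.

```javascript
// Added example: fail-closed upload gate. scanner and db are hypothetical injected interfaces.
const MAX_BYTES = 5 * 1024 * 1024; // assumed upload size limit
const SCAN_TIMEOUT_MS = 2000;      // assumed scanner time budget

// Reject if the scanner does not answer within ms milliseconds.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('scan timeout')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Persist the file only when the scanner explicitly reports it clean.
async function storeUpload(file, scanner, db, timeoutMs = SCAN_TIMEOUT_MS) {
  if (!Buffer.isBuffer(file.content) || file.content.length === 0) {
    return { stored: false, reason: 'empty-or-invalid' };
  }
  if (file.content.length > MAX_BYTES) {
    return { stored: false, reason: 'too-large' };
  }
  let verdict;
  try {
    verdict = await withTimeout(scanner.scan(file.content), timeoutMs);
  } catch (err) {
    // Scanner down or too slow: refuse the upload instead of storing it unscanned.
    return { stored: false, reason: 'scan-unavailable' };
  }
  if (!verdict || verdict.clean !== true) {
    return { stored: false, reason: 'malware-detected' };
  }
  await db.insert({ name: file.name, content: file.content });
  return { stored: true, reason: 'clean' };
}

// Constructed stand-ins so the example runs offline.
const MARKER = Buffer.from('CONSTRUCTED-TEST-MARKER'); // not a real malware signature
const demoScanner = { scan: async (buf) => ({ clean: !buf.includes(MARKER) }) };
const brokenScanner = { scan: async () => { throw new Error('scanner unreachable'); } };
function makeDb() {
  const rows = [];
  return { rows, insert: async (row) => { rows.push(row); } };
}
```

In a real service, `scanner.scan` would wrap whichever malware scanning client the project uses, and `db.insert` the persistence call of the application.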

Encryption & Decryption on the Server and Client Side

Passwords and other important data are encrypted using a standard encryption mechanism.

Destination in Cloud platform

A destination in the Cloud platform not only helps in implementing CORS services but also hides the location of important services from users.

Role-based access

Role-based access helps the developer keep the data safe from unwanted users. The roles are specific to an application, and a user must have them to gain access.


  • Barry Allen

    A Full Stack Developer with 10+ years of experience in different domains including SAP, Blockchain, AI and Web Development.
