Advisories

Weaknesses

Fixes

Requirements

Compliance

BIZEC-APP

Summary

The BIZEC APP/11 standard comprises the most critical and the most common security defects and technical risks in SAP ABAP applications. This version corresponds to the year 2012.

Definitions

Definition	Requirements
BIZEC-APP-01. ABAP command injection	173. Discard unsafe inputs
BIZEC-APP-02. OS command injection	169. Use parameterized queries 173. Discard unsafe inputs
BIZEC-APP-03. Native SQL injection	173. Discard unsafe inputs
BIZEC-APP-04. Improper authorization (missing, broken, proprietary, generic)	033. Restrict administrative access 095. Define users with privileges 096. Set user's required privileges
BIZEC-APP-05. Directory traversal	185. Encrypt sensitive information 224. Use secure cryptographic mechanisms 348. Use consistent encoding
BIZEC-APP-06. Direct database modifications	169. Use parameterized queries 173. Discard unsafe inputs 301. Notify configuration changes 035. Manage privilege modifications
BIZEC-APP-07. Cross-client database access	142. Change system default credentials 152. Reuse database connections 172. Encrypt connection strings
BIZEC-APP-08. Open SQL injection	169. Use parameterized queries 173. Discard unsafe inputs

Last updated

2023/09/18