
SAP Security Assessment Research and Development

Former Member
0 Kudos

Hi All,

I am writing a SAP Self Security Assessment Framework. This will be released publicly for SAP security community to use. The framework will be a step-by-step guide for security assessment. It will be written in a manner which anyone new to SAP can take it and use it for SAP Security Assessment. I have already done some work on this and it can be downloaded from here:

[http://www.oissg.org/technical-controls-assessment/sap-security-assessment-framework/download.html]

There is good work done by various people on SAP security. I do see a value addition in consolidating existing work done, adding new controls where work is not done and researching new ways to implement controls.

This effort will be tightly integrated with Information Systems Security Assessment Framework (ISSAF).

ISSAF is an end-to-end framework for information security assessment. The ISSAF aims to provide a single point of reference for professionals involved in security assessment; it reflects and addresses the practical issues of security assessment. ISSAF can be downloaded from [www.oissg.org/d/i003]

ISSAF has already done work related to network, database and application security assessment. Our effort is to use the existing work of ISSAF and align it with SAP.

This forum is the most active and powerful forum on SAP security. Qualified contributors will have access to our resources which includes books, research lab etc…

Any help on this community initiative will be highly appreciated.

Best regards,

Jagadeesh

p.s. The Excel sheet (sap security 0.2.xls) uploaded above doesn't have a few of the references mentioned, which will be done in the next two days when I post the updated sheet.

4 REPLIES 4

Former Member
0 Kudos

I think such things are good initiatives and I maintained a similar "box of tricks" once which I hardly ever use now, so I would also like to be honest with you...

You will need to put a lot more effort into your xls spreadsheet to start with before this framework and resource center (one of many!) will attract additional contributors to make it a central point of contact on the subject of SAP security. In fact this sounds like marketing jargon, and advertising is against the forum rules here on SDN.

> It will be written in a manner which anyone new to SAP can take it and use it for SAP Security Assessment.

In my opinion, anyone new in SAP Security should first take a training course and get hold of an IDES system to practice on.

I think you should take a thorough look at some of the other resources available already before deciding how to embark on this task.

You certainly wouldn't want it to be redundant and (release dependently) obsolete, and therefore incorrect even, by the time you finish it.

Your xls spreadsheet in its current form does not look like a good strategy to me...

Just being honest,

Julius

0 Kudos

Julius,

Many thanks for detailed response to this post, I appreciate it.

I respect your views; I will work more on it and will share with you to take your opinion further.

Thanks again Julius,

Best regards,

Jagadeesh

0 Kudos

Good luck!

ps: Can you speak German? There was a recent comprehensive publication by the German SAP User Group's committee for Data Protection which is very good.

Cheers,

Julius

0 Kudos

This message was moderated.