BIZEC-APP | Compliance | Fluid Attacks Help

BIZEC-APP


Summary

The BIZEC APP/11 standard comprises the most critical and the most common security defects and technical risks in SAP ABAP applications. This version corresponds to the year 2012.

Definitions

| Definition | Requirements |
| --- | --- |
| APP-01. ABAP command injection | 173. Discard unsafe inputs |
| APP-02. OS command injection | 169. Use parameterized queries; 173. Discard unsafe inputs |
| APP-03. Native SQL injection | 173. Discard unsafe inputs |
| APP-04. Improper authorization (missing, broken, proprietary, generic) | 033. Restrict administrative access; 095. Define users with privileges; 096. Set user's required privileges |
| APP-05. Directory traversal | 185. Encrypt sensitive information; 224. Use secure cryptographic mechanisms; 348. Use consistent encoding |
| APP-06. Direct database modifications | 035. Manage privilege modifications; 169. Use parameterized queries; 173. Discard unsafe inputs; 301. Notify configuration changes |
| APP-07. Cross-client database access | 142. Change system default credentials; 152. Reuse database connections; 172. Encrypt connection strings |
| APP-08. Open SQL injection | 169. Use parameterized queries; 173. Discard unsafe inputs |