Improve the quality and security of existing and new ABAP code.
Xiting ABAP Alchemist
ABAP Alchemist can help you optimize custom ABAP code and make recommendations for missing authorization checks. The built-in API Finder helps developers find standard SAP functions (e.g., BAPIs) that can be easily reused in custom code, thereby reducing the risk of introducing redundant code that might contain vulnerabilities.
ABAP Alchemist also offers recommendations for implementing additional security checks that have not been implemented within the source code. Possible weaknesses can be identified and remediated based on suggested improvements, and potential security gaps can then be closed.
Despite best practice guidelines and certain tools provided by SAP, developing custom applications introduces risk to your SAP landscape. With self-developed applications, correct authorization assignment is difficult if the developer did not implement the proper authority checks in the source code. However, the existence and accuracy of authority checks in the source code are essential to provide proper access control in SAP.
Granular access control of authorizations is only possible after security checks have been established and optimized in your custom applications. But traditional code scanning techniques only tend to focus on identifying classic coding errors, without providing sufficient information to developers and role administrators about how to fix the resulting authorization issues.
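The kind of gap described above, as an added illustration that is not code from Xiting or ABAP Alchemist: a custom report that reads company-code master data, first without and then with an explicit authority check. The report name and the message text are assumptions; F_BKPF_BUK (with fields BUKRS and ACTVT) and table T001 are standard SAP objects.

```abap
" Added illustration, not part of ABAP Alchemist or SAP standard code.
" Report name and message text are assumptions; F_BKPF_BUK and T001 are standard SAP objects.
REPORT zdemo_auth_check.

PARAMETERS p_bukrs TYPE bukrs.

DATA ls_t001 TYPE t001.

" --- Weak form (what a code scan should flag) ---
" Reading T001 directly with no AUTHORITY-CHECK means every user who can start
" the transaction sees every company code, regardless of how roles are designed.
" SELECT SINGLE * FROM t001 INTO ls_t001 WHERE bukrs = p_bukrs.

" --- Hardened form ---
" Check the standard object F_BKPF_BUK (company code, activity 03 = display)
" before the read. A non-zero sy-subrc means the user lacks the authorization.
" This explicit check is also what an SU24 proposal for the transaction maps to,
" so role administrators can see which object and values the program requires.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
  ID 'BUKRS' FIELD p_bukrs
  ID 'ACTVT' FIELD '03'.
IF sy-subrc <> 0.
  MESSAGE 'No display authorization for this company code' TYPE 'E'.
ENDIF.

SELECT SINGLE * FROM t001 INTO ls_t001 WHERE bukrs = p_bukrs.
IF sy-subrc = 0.
  WRITE: / ls_t001-bukrs, ls_t001-butxt.
ENDIF.
```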
Call Stack Analysis
One of the many valuable features of ABAP Alchemist is the call stack analysis. It allows you to examine code that goes beyond the boundaries of the selected object. For example, ABAP Alchemist can scan a transaction code (TCODE) as well as any programs, functions and classes that are part of the call stack.
As a result, ABAP Alchemist supports both developers and authorization administrators in identifying encapsulated functions within the source code.
The integrated optimization function for SAP's authorization proposals database (SU24) allows you to compare and maintain suggested values for analyzed development objects based on the security checks contained in the code. As a result, you can keep your SU24 database properly maintained, which increases transparency and role maintainability.
Flexible configuration options that allow you to define the scanning scope and the depth of the scan (call stack) make ABAP Alchemist a favorite tool among developers and role admins. Predefined checks can be used on a recurring basis and serve as a proactive measure within an internal control system (ICS).