The German SAP User Group (DSAG) recently released a best practices guideline for ABAP development*. It provides valuable technical content mixed with practical recommendations on how to set up and maintain a process for “ABAP quality”. For the first time, this new guideline delivers a holistic view of ABAP development.
“Security & Compliance” is covered with its own chapter, alongside “common” ABAP quality chapters (such as performance, robustness, documentation and naming conventions).
The guideline points out that security vulnerabilities caused by poor ABAP code not only put a company’s IP and reputation at risk, but can also have compliance implications. It refers to the BIZEC APP/11** standard – the most dangerous and most common security defects observed in ABAP code – to give companies an idea of which security tests to cover at a minimum in an ABAP security project or guideline.
The DSAG guideline also describes how to establish ABAP quality standards in a company and how a QA process should be set up. I would like to highlight the best practice “Companies should not define requirements that cannot be automatically checked for compliance by a tool”, because only requirements that can be checked will ensure user acceptance and the success of a QA standard.
All in all, a great 360° overview of ABAP code quality and security best practices that enables quality-minded companies and organizations to build ABAP development strategies that are (and stay) state-of-the-art. Unfortunately (for some), it is only available in German at present. But if you ever wondered why you should learn German: here is a reason…