In SAP systems, ABAP serves as an indispensable tool for building functional extensions. This flexibility allows organisations to tailor SAP to their specific business processes. However, the same flexibility that makes SAP an indispensable business tool is also a source of numerous threats, the scale of which is often underestimated.
“Many organisations live in blissful ignorance of the fact that the biggest threat to their SAP system may already reside within it, in the form of poorly written ABAP code” - says Jacek Bugajski, CEO of SNOK. “Treating ABAP code security as a marginal issue is a serious mistake that can have far-reaching business consequences. There is not a week without news of new vulnerabilities that could have been eliminated at an early stage.”
Why is ABAP code a critical security point?
In SAP systems, key business processes are often handled by custom ABAP programs. The specific requirements unique to each organisation mean that almost every SAP installation holds large volumes of proprietary code, known as Z-programs. According to SecurityBridge analyses, 9 out of 10 companies using SAP make numerous programming changes, which significantly increases the risk of security vulnerabilities in their infrastructure.
In practice, this can mean accidental data disclosure, the possibility of Remote Code Execution, or even a complete halt to a company’s operations. According to an ITwiz report, a successful attack on an SAP system can bring any business to a standstill, regardless of its size or sector. The scale and significance of these threats are often underestimated by organisations that fail to recognise how fragile their IT ecosystem is and how easily serious security breaches can occur.
Common threats hidden in ABAP code
The most frequently occurring issues include:
-
Introducing unsecured SQL statements (SQL Injection)
-
Hardcoding login credentials (hardcoded credentials)
-
Insufficient input data validation
-
Use of debugging flags in production versions of programs
Each of these issues can have serious consequences for an organisation. SQL Injection allows attackers to manipulate the database, which in extreme cases leads to the leakage of confidential information. Hardcoded credentials allow unauthorised persons to gain access to sensitive data. Insufficient validation of input data can be exploited for remote execution of malicious code.
“Detecting these threats manually is time-consuming and prone to human error. We have seen situations where critical errors went unnoticed for months, leading to real incidents” - notes Jaromir Wróblewski, cybersecurity manager at Stock Spirits Group. The problem also lies in the fact that traditional code audit methods are often insufficient, particularly given large volumes of code and a high pace of change.
SecurityBridge – intelligent security analysis of ABAP code
To effectively counter these risks, SecurityBridge developed the Code Vulnerability Analyzer (CVA), which uses advanced AI analysis. The tool integrates directly with the SAP system and enables automatic threat identification.
“AI technology allows our teams to detect threats hidden in ABAP code faster and more precisely, which was previously practically impossible to achieve manually” - emphasises Jacek Bugajski.
The AI used in SecurityBridge also translates complex ABAP code fragments into clear guidance, facilitating an immediate response from development teams. Thanks to this solution, IT teams can focus on strategic initiatives, confident that the underlying threats are automatically identified and neutralised on an ongoing basis.
What sets SecurityBridge CVA apart?
SecurityBridge CVA is characterised by several important features:
-
Automatic real-time analysis – continuous monitoring of ABAP code
-
Advanced elimination of false positives – precise identification of genuine threats
-
Proactive risk management – providing statistics and recommendations for preventive action
-
Integration with SAP IDE – the ability to work directly within development environments such as SE38, SE80 or Eclipse for ABAP
SNOK’s role in securing ABAP code
SNOK not only implements SecurityBridge tools, but also places particular emphasis on client education. “Our mission is to build awareness of how critical proper ABAP code security management is. We organise training sessions and workshops that help teams understand that secure code is not merely a technical obligation, but a key element of a company’s overall cybersecurity strategy” - explains Bugajski.
Effectiveness in practice – Stock Spirits Group case study
Stock Spirits Group, one of the leading premium spirits companies in Europe, operates an extensive IT infrastructure based on SAP solutions, supporting complex production, distribution and sales processes. The security of the SAP systems underpinning the company’s operations is a key aspect of Stock’s business risk management strategy.
Before working with SNOK and implementing the SecurityBridge solution, Stock’s IT team relied mainly on manual methods of verifying ABAP code. In practice, this meant carrying out periodic code security audits, which were time-consuming and did not provide full protection against dynamically evolving threats.
The situation changed dramatically after the implementation of the SecurityBridge solution. During systematic code scanning, the tool detected a critical vulnerability that could have been exploited by cybercriminals. The error consisted of insufficient input data validation in one of the key ABAP modules handling product distribution data.
Jaromir Wróblewski, cybersecurity manager at Stock, highlights the significance of this event: “Thanks to regular, automatic scans performed by SecurityBridge, we managed to detect and eliminate this vulnerability before it could cause real damage. A manual audit would most likely have missed this issue, given its complexity and subtlety.”
In addition, SecurityBridge allowed Stock to significantly increase the efficiency of its IT operations by automating security management processes. The freed-up human resources could focus on strategic projects that directly contribute to business growth. As a result, the company gained greater operational confidence and improved its overall resilience to cyberthreats.
The implementation of the SecurityBridge solution at Stock also demonstrated the importance of continuous education for IT teams. The SNOK team organised a series of workshops and training sessions for Stock employees, increasing their awareness of threats and their ability to effectively manage cyber risk.
“Thanks to our cooperation with SNOK, our IT staff have a better understanding of potential threats and are more aware of their role in maintaining the security of the entire organisation” - notes Jaromir Wróblewski.
Take the first step with SNOK
We invite you to take the first step towards fully securing the SAP systems in your organisation. SNOK offers a Proof-of-Concept (PoC) that identifies potential vulnerabilities in code or attack vectors.
Contact SNOK today and arrange a PoC to increase the security of your SAP environment.