Xiting ABAP Alchemist

  • Improve the quality of custom ABAP code.
  • Detect vulnerabilities and missing authority checks.
  • Optimize SU24 and authorize users efficiently.
  • Identify SAP-standard code blocks (BAPIs) that can replace custom code.

ABAP Alchemist can help you optimize custom ABAP code and make recommendations for missing authorization checks. The built-in API Finder helps developers find standard SAP functions (e.g., BAPIs) that can be easily reused in custom code, thereby reducing the risk of introducing redundant code that might contain vulnerabilities.

ABAP Alchemist also recommends additional security checks that are missing from the source code. Possible weaknesses can be identified and remediated based on the suggested improvements, closing potential security gaps.

ABAP Alchemist in Detail

YOUR CHALLENGE

Despite best practice guidelines and certain tools provided by SAP, developing custom applications introduces risk to your SAP landscape. With self-developed applications, correct authorization assignment is difficult if the developer did not implement the proper authority checks in the source code. However, the existence and accuracy of authority checks in the source code are essential to provide proper access control in SAP.

Granular access control of authorizations is only possible after security checks have been established and optimized in your custom applications. But traditional code scanning techniques tend to focus only on identifying classic coding errors, without providing sufficient information to developers and role administrators about how to fix the resulting authorization issues.

CALL STACK ANALYSIS

One of the many valuable features of ABAP Alchemist is the call stack analysis. It allows you to examine code that goes beyond the boundaries of the selected object. For example, ABAP Alchemist can scan a transaction code (TCODE) as well as any programs, functions and classes that are part of the call stack.

As a result, ABAP Alchemist supports both developers and authorization administrators in identifying encapsulated functions within the source code.

SU24 OPTIMIZATION

The integrated optimization function for SAP’s authorization proposals database (SU24) allows you to compare and maintain suggested values for analyzed development objects based on the security checks contained in the code. As a result, you can keep your SU24 database properly maintained, which increases transparency and role maintainability.

Flexible configuration options that allow you to define the scanning scope and the depth of the scan (call stack) make ABAP Alchemist a favorite tool among developers and role admins. Predefined checks can be used on a recurring basis and serve as a proactive measure within an internal control system (ICS).

Other XAMS Modules

The innovative modules of the XAMS adapt to your needs and thus enable tailor-made solutions.

Role Designer

Create sustainable authorization concepts, perform a what-if analysis, scan for SoD conflicts during the design phase, and quickly migrate roles to SAP S/4HANA using a virtual role design cockpit.

Role Builder

Virtually eliminate the need to test new roles or role changes through an innovative concept called Productive Test Simulation (PTS).