Custom SAP code presenting security risk: report


The custom code found in the average SAP customer’s system contains 16 highly critical security flaws, according to the latest Business Code Quality Benchmark from Virtual Forge.

The study examined over 300 systems at companies of various sizes and industries around the world, and aggregated the data based on anonymised scans.

“What’s particularly alarming is that every set of customer code we looked at contained significantly more fatal errors than in years past,” said Andreas Wiegenstein, CTO, Virtual Forge. “These are the vulnerabilities that expose companies to attacks.”

These vulnerabilities can be exploited to copy, modify or delete entire datasets, or shutting down an SAP system.

The benchmark also found that conventional IT security measures such as firewalls and antivirus software are insufficient to protect a company against errors in its ABAP code.

Organisations should instead implement a long-term SAP security strategy that covers factors from the automatic identification and elimination of coding errors to ABAP security training for in-house developers and the inclusion of code quality standards in vendor contracts.

The benchmark report is available for download free at

Share this post

submit to reddit

Leave a Reply

scroll to top