Best Practice 6.3 – Protect the database and the application

Security vigilance is imperative at the database and application layers, as a malicious actor gaining access at even a read-only level could compromise the security of critical business data. In all cases, follow the standard SAP best practices for database access protection and application security. These apply to both on-premises and cloud-based installations, and there are guidelines for each supported underlying database for SAP systems.

Suggestion 6.3.1 Follow SAP guidance on database security for your chosen database

Refer to the following for appropriate guidelines:

Database	Documentation
SAP HANA	AWS Documentation: AWS SAP HANA Security SAP Documentation: SAP HANA Security Guide SAP Documentation: SAP HANA Administration Guide SAP Note: 2159014 - FAQ: SAP HANA Security [Requires SAP Portal Access]
SAP ASE	SAP Documentation: Security Administration in SAP ASE
IBM Db2	(Consult SAP or Vendor documentation for guidance)
Oracle	SAP Documentation: SAP Database Guide - Oracle
Microsoft SQL Server	SAP Note: 3019299 - Security Audit Questions or Security Customization in NetWeaver and SQL Server systems [Requires SAP Portal Access]
SAP MaxDB	SAP Documentation: SAP MaxDB Security Guide

Suggestion 6.3.2 – Follow SAP guidance on application security

For SAP NetWeaver-based solutions, prescriptive guidance can be found in the SAP NetWeaver Security Guide.

SAP Documentation: ABAP Platform Security Guide

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Best Practice 6.2 – Build and protect the operating system

Best Practice 6.4 – Establish a plan for upgrading and patching all applicable software