Chapter-7

Risk	Description	Mitigation
SQL Injection	Malicious input executed as database commands	Use parameterized queries and validate inputs
Authorization Bypass	Skipping SAP role checks to access restricted data	Enforce proper authorization checks
Data Leakage	Exposure of sensitive info in logs or dumps	Mask sensitive data and limit log access
Code Injection	Execution of untrusted code	Avoid dynamic code execution or validate inputs
Cross-Site Scripting (XSS)	Injecting malicious scripts in web dynpro or UI5 apps	Encode output and validate user inputs

¶ Secure Development Lifecycle for ABAP