Does your organization make sure correct authorization statements have been embedded in custom ABAP code? Are the basic authorization objects, for table and/or program access, such as S_TABU_DIS, S_TABU_NAM or S_PROGRAM actively being checked during transaction processing?

KES professionals are notorious for checking loopholes; and custom codes are a big deal when it comes to securing your SAP systems. Let’s face it, most programmers either hardcode the security checks (which might not necessarily be a best-practice) or skip this step entirely due to the lack of professional security personnel involvement during the initial spec design. Some other yet related points we go over:
• Custom Transaction Naming Convention
• Streamline IT process during transaction creation process