The Onapsis Blog

The world of business-critical application security and compliance is dynamic, with new developments happening on a continuous basis. Read our blog posts for recommendations, insights and observations on the latest news for safeguarding your SAP® and Oracle® applications.

10 Recommendations for Better ABAP

10 Recommendations for Better ABAP

ABAP stands for Advanced Business Application Programming (originally german, Allgemeiner Berichts-Aufbereitungs-Prozessor) and is SAP’s proprietary programming language. ABAP was invented in the late 80s, and 35 years and millions of lines of code later, it’s still here! We collected 10 recommendations if you start developing (or already do) in ABAP:

1. Create Your Own Standards

This recommendation kicks in even before you begin writing your first lines of code: discuss and define the minimum standards for your development process at the very beginning, because it will be challenging to change them later. This includes:

  • Package structure for main packages
  • Naming conventions for transports
  • Naming conventions for all developments objects and language elements 

2. Define Your Own Utility Layer

When running different ABAP projects in parallel, sooner or later, all of them will implement their own version of certain central utilities. We recommend creating a utility layer, which provides reusable services including clear implementation instructions for:

  • Exception handling 
  • Logging and Message handling
  • File access on the application server

It is also important to define clear responsibilities for maintaining these utilities.

3. Reuse SAP Frameworks and SAP Standards

Remember: any S/4HANA installation is coming with a multi-million line ABAP code base, and thus, it is no surprise that for many development tasks we can draw back on solutions coming with the standard. We would advise you to make use of these standard features as much as possible and not reinvent the wheel.

This is especially true for concepts and frameworks for securing your custom-build applications and enhancements. SAP is providing solutions and guidelines on how you should do e.g. user provisioning and authority checks, input validation, output encoding or encryption on your own. 

Keep your custom code compliant to these policies and best practices.

4. Apply Algorithm Design Patterns

Especially in classical SAP GUI-based ABAP coding, the risk of not encapsulating functional aspects of a custom application is very high, e.g. missing separation of database access, business logic and user interaction on the screen. You might end up in one of those monolithic monsters with thousands of lines of spaghetti code, which is hard to maintain, and even worse, nearly impossible to reuse.

These issues can be addressed by bpplying software design patterns. Most prominent for ABAP development is currently the MVC (Model-View-Controller pattern) which will help you to separate the internal representation and logic from the presentation of the data and the interaction with the user. WebDynpro for ABAP is a framework that is following this idea, but it is also possible to implement MVC in classical screens (Dynpros).

5. Code Scanning

Make static source code analysis an integral part of your development process, especially if you start working on new applications. It simply helps to reflect on the quality of your own code and can efficiently check (at least parts) of your development guidelines.

We also recommend integrating code scanning into your deployment process, regardless if you transport your ABAP coding with native Transport Management (TMS), SAP Solution Manager ChaRM, or other 3rd party solutions. Remember that every code issue that you fix before bringing it to production will in the end save you money.

6. Apply Peer Reviews as Part of Your QA

After applying code scanning and developer self-checks against the defined policies we recommend executing a team internal Peer Review for each new piece of coding (if you run in an Agile development process - think about making it part of your Definition-of-Done). Besides the fact that you might find flaws not detectable in static code analysis like structural issues (which are typically more severe), Peer Reviews have other benefits like automatic knowledge transfer between the peers, increasing analysis skills for the reviewer and general improvement for the writer.

7. Use Eclipse / ABAP Development Tools

This recommendation might sound obvious, but we still see many ABAP developers writing their ABAP coding in good-old ABAP editor (SE80). We recommend you start using Eclipse and the ABAP Development Tools (ADT)  as soon as possible. One of the reasons is that more-and-more ABAP repository objects can't be edited in SAP GUI. Also, new architecture concepts, like the ABAP Cloud Platform, require the usage of Eclipse.

8. Learn About Additional Basis Tools

With SAP's Netweaver, we already have a huge set of service and utility features at hand. Especially in the area of tracing the execution of your custom applications, there are tools that will turn out helpful sooner or later for all ABAP developers. 

  • Performance optimization: ABAP Runtime Analysis (transaction SAT) and DB traces (transaction ST05)
  • Authorization analysis: System Trace for Authorization Analysis (transaction STAUTHTRACE) and the User Information System (transaction SUIM)

9. ABAP NE ABAP

Adopting custom code as described in the SAP Simplification List 3) might mean a high effort for many SAP users. Leaving these changes aside you will still be able to write custom ABAP code in the same style and syntax as in the nineties.

But starting with Netweaver Release 7.40 SP8, a set of new statements and operators have been added to the ABAP programming language. Just to name some of the very useful features:

  • Operators like CORRESPONDING and CONV can help to move data between variables and also avoid the declaration of helper variables
  • Complex logical constructs can be simplified using SWITCH and COND
  • String-Templates make working on text-based variables much easier
  • And of course, inline declarations of variables and field symbols help to speed up the source code creation.

As soon as your “Basis” is offering those features we recommend to start using them - it will help to produce a more elegant, streamlined and cleaned up coding.

10. Never Stop Learning

“ABAP is dead!” We've heard this before, but yet… but it's still here. Quite the contrary, it feels like it is more alive than ever. Among the many hot topics we would like to highlight the following topics

  • Core Data Services (CDS) as the central tool for data modeling
  • ABAP Cloud Platform as SAP's Platform as a Service offering
  • Restful ABAP Programming (RAP) as SAP's go-to architecture for implementing applications in both the SAP Cloud Platform and SAP on-premise installations.

With these already out there and SAP´s roadmap indicating that more is coming: even senior ABAP people should never stop learning.

References: 

https://blogs.sap.com/2009/08/30/nomen-est-omen-abap-naming-conventions/

https://help.sap.com/doc/abapdocu_751_index_htm/7.51/en-us/abensyntax_obsolete.htm

https://help.sap.com/doc/0080a18cdc1045638d31c87b839011e7/1909.000/en-US/SIMPL_OP1909.pdf

 

View All SAP Security Notes

Request a
Business Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

Prevent application downtime and costly business disruption

Request an Assessment
AUDIT EFFICIENCY ASSESSMENT

Eliminate resource consuming manual audit processes

Request an Assessment
CYBER RISK 
ASSESSMENT

Reduce vulnerabilities and misconfiguration to protect the business

Request an Assessment