You can take several measures to prevent SQL injection. Beyond the prevention measures themselves, it is crucial to point out that finding all vulnerable code snippets may be the biggest challenge for SAP customers. The SAP standard does come with the ABAP Test Cockpit (ATC), which supports ABAP/4 code scans. However, it lacks the functionality to scan for SQL injection vulnerabilities and other security flaws in the code.
Once a vulnerable snippet is identified, correcting it is simple: the fix consists of proper input validation, sanitization, the use of prepared statements, and the implementation of database-level access controls. Vulnerabilities in the SAP standard codebase are for the manufacturer to correct, so it is essential to keep SAP software and SAP security patches up to date to address known vulnerabilities.
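
The corrections listed above, shown on a custom report as an added example (constructed for illustration, not SAP standard code and not from the original page). It assumes the SAP flight demo table SFLIGHT and two hypothetical selection-screen inputs, `p_carrid` and `p_sort`; `cl_abap_dyn_prg` is the standard ABAP class for validating input to dynamic statements.

```abap
REPORT zdemo_sqli_hardening.
" Constructed example. SFLIGHT is the flight demo table;
" P_CARRID and P_SORT are hypothetical user inputs.

PARAMETERS: p_carrid TYPE c LENGTH 40 LOWER CASE,
            p_sort   TYPE c LENGTH 30.

DATA lt_flights TYPE STANDARD TABLE OF sflight WITH EMPTY KEY.

" --- Vulnerable: user input is concatenated into a dynamic WHERE clause.
" A quote character in P_CARRID ends the literal, and the rest of the
" input is parsed as part of the condition.
DATA(lv_where) = |CARRID = '{ p_carrid }'|.
SELECT * FROM sflight WHERE (lv_where) INTO TABLE @lt_flights.

" --- Hardened 1: static Open SQL. The host variable is bound as a value
" and is never parsed as SQL text. Prefer this form whenever possible.
DATA(lv_carrid) = CONV s_carr_id( p_carrid ).
SELECT * FROM sflight WHERE carrid = @lv_carrid INTO TABLE @lt_flights.

" --- Hardened 2: a dynamic clause is genuinely required
" (here: a user-selected sort column).
TRY.
    " Input validation: only allow-listed column names pass.
    DATA(lv_order) = cl_abap_dyn_prg=>check_whitelist_str(
                       val       = to_upper( p_sort )
                       whitelist = 'FLDATE,PRICE,SEATSOCC' ).

    " Sanitization: QUOTE wraps the value in quotes and escapes any
    " quote characters inside it before it enters the dynamic clause.
    lv_where = |CARRID = { cl_abap_dyn_prg=>quote( p_carrid ) }|.

    SELECT * FROM sflight
      WHERE (lv_where)
      ORDER BY (lv_order)
      INTO TABLE @lt_flights.

  CATCH cx_abap_not_in_whitelist.
    " Reject the request instead of building a statement from bad input.
    MESSAGE 'Sort column not allowed' TYPE 'E'.
ENDTRY.
```

When reviewing custom code by hand, parenthesized clauses such as `WHERE (lv_where)` are the places to check that every variable feeding them has passed through a validation or escaping step like the ones above.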