Security is an important aspect when you create Web applications using BSP programming. It has feature which you can use while programming it and also when you use BSP created pages.
Security in AS-ABAP : Application Server-ABAP.
It has following aspects to it :
1) Network infrastructure: Network needs to support the communication necessary for business needs without allowing unauthorized access. Network topology can eliminate many security threats based on software flaws and prevents network attacks. SAP offers general recommendations defining network topology, which include using a firewall and other intermediary devices, such as SAP Web dispatcher and the SAProuter. At the transport layer, the SAP NetWeaver products support the use of the Secure Sockets Layer (SSL) protocol and Secure Network Communications (SNC).
2)Security in AS-ABAP: The SAP Web Application Server supports security features which is used when running your applications. Such as Support of the Secure Sockets Layer (SSL) protocol and User authentication using Logon tickets or X.509 client certificates.
3)Configuration of SSL Support: It contains a checklist which include installing cryptographic library on the application server, seting profile parameters etc .
P.S http://help.sap.com/saphelp_nw70/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm
4)Logon ticket cache:Its used for increasing performance when there are multiple logons
It is used to increase the speed of the logon for a specific user, after user has logged on for the first time.
.Its set up using profile parameters such as login/create_sso2_ticket , login/accept_sso2_ticket. Its like a cookie ,the logon ticket is stored in a non-persistent HTTP cookie in the user's Web browser.When a user logs on to SAP Web Application Server using a logon ticket, the system searches the cache memory. If the system finds a cache entry for this logon ticket, it reads the logon information from the cache memory.
5)Virus scan profiles :SAP delivers virus scan profiles for ABAP .They are /SCET/GUI_UPLOAD ( used when uploading a file to sap using GUI_UPLOAD) and /SIHTTP/HTTP_UPLOAD (used by the BSP framework )
6)Virus scan interface : Virus Scan Interface to include external virus scanners in the SAP system to increase the security.Its used to scan files or documents that are processed by applications for viruses.
7) Internet communication manager:Used for communication between the SAP System (SAP Web Application Server) and the internet via HTTP, HTTPS and SMTP protocols.