I think the most important point for Portal, PI/PO and BPM consultants is the Java 8 features, let’s see some security features:
- Client-side TLS 1.2 enabled by default.
- Stronger algorithms for password-based encryption.
- SSL/TLS Server Name Indication (SNI) Extension support in JSSE Server.
- The SunJCE provider is enhanced to support AES/GCM/NoPadding cipher implementation as well as GCM algorithm parameters.
- SHA-224 Message Digests.
- Kerberos 5 weak encryption types disabled by default.
You can see the Best Practices for NW ABAP 7.5 on my SCN BLOG Site.