# Introduction

Organizations around the world use a wide variety of information systems to support their products and services, grow their business and improve organizational performance (Al-Dhaafri et al., 2016). ERP systems in large and medium-sized organizations contribute to the effective management and use of their resources (materials, human resources, financing, etc.) by providing integrated solutions to the organization's information processing needs (Olson et al., 2012). ERP systems are a key component of government or private organizations. The ERP system contains important data that is exposed to many threats, both external and internal, which can have a significant impact on the failure of the organization's work. Therefore, all security aspects, such as integrity, confidentiality and availability, are critical in the ERP system (Gupta et al., 2017).

# The other important benefits of an ERP are as follows:

- Lower operational cost through defined and more streamlined business processes (Oracle, 2017).

# Principles of ERP System Security based on Web Services

Security principles serve system designers as guidelines in the design and implementation of system security. There are many security principles; those covered here are as follows:

# a) Security Defense in depth

This principle imposes security policies on every layer of the system and of its architecture, which prevents an attacker from infiltrating the system (Kumar, 2014). Enterprises apply this principle by using the firewall as the first line of defense, web server security as the second line and operating system security as the third, followed by database security and other levels as the customer needs.

# b) Patch the weakest link

This principle relies on the system designers to identify security weaknesses in the various components of the system by testing the system and attempting to penetrate it (Kumar, 2014). Any weak layer that can be penetrated is then strengthened.

# c) Classifications

This principle classifies all system resources and functions into different security classifications, limiting access to users with appropriate roles and privileges (Kumar, 2014). It also prevents accidental access to confidential system data and unauthorized access to the system.

# d) Single entrance point of entry

The ERP system should admit users only through a single authentication point and should avoid other points of entry and URL shortcuts. This principle reduces the chances of penetration to secret data and of unauthorized access to data (Kumar, 2014). All web pages are protected and automatically redirect to the login page, which acts as the single entry point. The system does not allow access to system data through pages other than the login page.

# e) User data validation

The data entered by the user should be validated and sanitized at various levels in the system. Data must also be properly encrypted when it is saved and when it is transported between layers (Kumar, 2014). The purpose of this principle is to prevent attacks caused by the introduction of malicious content into system data. The security mechanism checks the data entered by the user in the client layer and on the server layer using different verification methods.

# III. Properties of ERP System Security based on Web Services

There are five security properties, as follows (Messaoud and Diouri, 2014):

# a) Confidentiality

This property prevents unauthorized persons from reading the information and allows only authorized persons to read the information from the system.

# b) Integrity

This property does not allow unauthorized users to modify data in the system; only authorized users may modify data.

# c) Authenticity

This property ensures that the person using the system is the same person who is allowed to use the system.
# d) Non-repudiation

This property ensures that the appropriate proof is logged in the user transaction log so that the user cannot deny the transaction.

# e) Availability

This property ensures that users can access the information in the system at any time, without obstacles.

# IV. Security challenges of ERP System Security based on Web Services

ERP systems are critical because of the value of the data they contain and the need to keep this data completely confidential. Any security breach of this data may be dangerous to all departments of the organization, so security challenges are a real problem for organizations using the ERP system. The main security challenges facing the ERP system are as follows:

1. Passwords are used in the default database or default applications.
2. Access to the system from outside the premises of the organization using this system.
3. Direct access to the database system by users of this system inside the organization.
4. Poor design of the security of the ERP system by the providers, which leads to security problems in this system.
5. Not using data encryption in the ERP system to prevent data leaks during data transfers and information updates.
6. Weak passwords and the inability to control them because of the use of many machine passwords.

# V. Security Requirement of ERP System Security based on Web Services

Data-level transactions are performed securely from one end to the other, during transport and data storage. The requirements for providing comprehensive security for web services are summarized in the following table (Messaoud and Diouri, 2014):

| Requirement | Clarifications |
| --- | --- |
| Authentication | There is an urgent need for the system to verify the identity of the user, especially in the case of mutual authentication, because users may have indirect contact with the system. Therefore, multiple authentication methods are used and can be grouped together. These methods include passwords and the Lightweight Directory Access Protocol (LDAP). |
| Authorization | This requirement is necessary to control the process of authorizing access to information about the system and to determine the delegation mechanisms for the system. |
| Data Integrity and Data Confidentiality | Data integrity technology guarantees that data has not been changed during the transmission process. This technique also includes data confidentiality using various encryption and digital signature technologies. |
| Audit Trails | This requirement includes the audit process and the tracking of user access and behaviour, in order to reduce the occurrence of violations, to check the accounts to ensure that no violation occurs, and to repair any gap that may lead to a violation. |

# VI. Conclusions

This paper focused on ERP security based on web services. The study explained the ERP system in terms of its definition and indicated its importance for governmental and private organizations, as it is one of the most important systems that organizations seek to implement because of the great benefits it provides to them. The implementation of ERP based on web services faces many challenges and difficulties, and the most important of these, on which this study focused, are the security challenges. The study therefore clarified the basic principles underlying the security systems used in ERP based on web services, and found that the most important security principles that should be present are security defence in depth, patch the weakest link, classifications, single entrance point of entry and user data validation.
The study also explained the most important security characteristics of ERP based on web services that the security system must provide, which are non-repudiation, authenticity, confidentiality and availability. The implementation of the ERP system nevertheless faces many challenges, so the study explained the most important of them. Securing an ERP system based on web services also involves many requirements, so the study explained the most important requirements that must be met in order to make security highly effective: authentication, authorization, data integrity and audit trails.

© 2020 Global Journals. ERP Security Based on Web Services. Year 2020.

# References

* H. S. Al-Dhaafri, A. Al-Swidi. The impact of total quality management and entrepreneurial orientation on organizational performance. International Journal of Quality and Reliability Management, 2016.
* R. Farrington. Oracle® E-Business Suite. 2017, August.
* S. Gupta. Identification of challenges and their ranking in the implementation of cloud ERP: A comparative study for SMEs and large organizations. International Journal of Quality and Reliability Management 34 (7), 2017. doi: 10.1108/IJQRM-09-2015-0133.
* E. Houssain. Web Service Security Overview, analysis and challenges. 2014, 11.
* S. S. Kumar. Architecting High Performing, Scalable and Available Enterprise Web Applications. 2014. 8 February 2019. Elsevier Science & Technology, San Francisco. Available from: ProQuest Ebook Central.
* B. Link, A. Back. Classifying systemic differences between Software as a Service- and On-Premise-Enterprise Resource Planning. Journal of Enterprise Information Management 28 (6), 2015. doi: 10.1108/JEIM-07-2014-0069.
* D. L. Olson, V. Van Huy, N. M. Tuan. Case of development of a small business ERP consultant knowledge base. Advances in Enterprise Information Systems II, 2012, 81.
* W. Thomas. What is ERP? Definition and FAQs - ProQuest. ERP Systems, 2017.
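The "Single entrance point of entry" and "User data validation" principles described in the paper, as an added example that is not part of the original paper: a default-deny request gate that sends every protected page without a valid session to the login page and applies server-side allow-list validation to submitted fields. The paths, field names, token format and secret are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import quote

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret, constructed here
LOGIN_PATH = "/login"             # assumption: the single entry point
PUBLIC_PATHS = {LOGIN_PATH}       # default deny: every other path needs a session

# Server-side allow-list rules for hypothetical ERP form fields.
FIELD_RULES = {
    "invoice_id": re.compile(r"[A-Z]{2}-\d{6}"),
    "amount": re.compile(r"\d{1,9}(\.\d{2})?"),
}

def _mac(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def sign_session(user):
    """Token the login page issues after authentication (no expiry in this sketch)."""
    return f"{user}.{_mac(user)}"

def session_user(token):
    """Return the user name if the token's MAC verifies, else None."""
    user, _, mac = (token or "").rpartition(".")
    ok = hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if user and ok else None

def validate(params):
    """Names of submitted fields that are unknown or fail their rule."""
    return sorted(name for name, value in params.items()
                  if name not in FIELD_RULES
                  or not isinstance(value, str)
                  or not FIELD_RULES[name].fullmatch(value))

def gate(path, token=None, params=None):
    """Decide one request: returns (HTTP status, detail)."""
    if path in PUBLIC_PATHS:
        return 200, "login page"
    user = session_user(token)
    if user is None:
        # No URL shortcuts: any protected page bounces to the entry point.
        return 302, f"{LOGIN_PATH}?next={quote(path, safe='')}"
    bad = validate(params or {})
    if bad:
        return 400, "rejected fields: " + ", ".join(bad)
    return 200, f"{path} served to {user}"
```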