Best Practices for Ensuring ABAP Code Quality and Security
- Kathlyn Dorsey
- 7 years ago
Transcription
1 Best Practices for Ensuring ABAP Code Quality and Security David Chapman - Vice President of Sales it Services 2 Stephen Lamy Managing Director Virtual Forge
2 2nd Generation SAP Consulting Firm Focused on SAP since 1996 Senior, principal and platinum level expertise Virtual Forge Sales and Services Business partner since 2012 "We've partnered with Virtual Forge because we value their commitment to excellence and their deep SAP expertise. Virtual Forge mirrors it2 values and culture." Lynne McGrew CEO, it Services 2
3 Experts in the field of SAP application security and quality Founded in 2001 CodeProfiler released 2008 Patented Data and Control Flow Static Analysis for ABAP Heidelberg, Weimar and Philadelphia
4 1. Drivers for Change: ABAP Application Landscape 2. Today's Practices? 3. BEST Practices 4. Benefits Summary
5 1. Drivers for Change: ABAP Application Landscape 2. Today's Practices? 3. BEST Practices 4. Benefits Summary
6 The Evolution of the SAP Landscape
In the past: Isolated systems; Long release cycles; Few attack vectors; Security using firewalls
Today: Open systems; Frequent release cycles; Network boundaries disappearing; Cloud-based applications; Hacker attacks
Future: Open systems; High frequency releases; Interconnected networks; IT espionage; Cyber attacks & espionage
7 The Attack Surface of ABAP
8 The Attack Surface of ABAP
9 Since The Attack Surface of ABAP
10 Source of Defects Little/no technical specifications Manual/Basic code reviews Testing focused on functional aspects External/3rd Party development Limited/no code change monitoring
11 Business Risks Cyberattacks Data theft/fraud Industrial espionage Loss of image System failures
12 Cost to Business
$100 to correct defect during development
$1,000 to correct defect found in QA testing
$10,000 to correct defect in production
$$$$$ Cost of attack or system down
13 1. Drivers for Change: ABAP Application Landscape 2. Today's Practices? 3. BEST Practices 4. Benefits Summary
14 Important Rules to Remember 1. Companies are responsible for their own custom code. 2. If you can't enforce code quality and security standards consistently, it won't work.
15 Who is responsible for the code? [ One solution, ] many capabilities Developers Test ABAP code for defects fast and reliably by performing on-line scanning as needed during development Development and Project Managers Ensures that internally and externally developed applications and third-party solutions meet pre-defined security and quality criteria IT and Security Responsibles Tests applications for full transparency of the ABAP code quality in their SAP systems
16 Who is checking? [ One solution, ] many capabilities Software Companies and SAP Partners Ensure and document the code quality of their solutions Purchasers Check Deliverables pre-defined quality criteria within the scope of tenders with a click of a button Auditors and Controllers Provided full transparency of security and compliance risks in SAP systems
17 Today's Practices? How ABAP code reviews are often done today: Manual code reviews Using top programming resources for reviews Using basic tools with limited testing and a lot of false-positive findings No effective technical code testing at all!
18 Today's Practices? Manual Code Reviews: Use valuable development resources Delay project release (or accept lower quality) Limited effectiveness due to program complexity Feedback too late in development cycle Performance/Failures in production Higher cost of mediation Few/No defined security & quality standards Styles and techniques vary by reviewer/developer
19 Today's Practices? Basic ABAP Testing Tools: Limited (and weak) testing, e.g. pattern recognition Not comprehensive for Security and Quality Not integrated with ABAP Development Workbench No on-line scanning during development Higher TCO for manual corrections No documentation/navigation for efficient mediation Inaccurate results (High false-positive rate) Loss of time spent evaluating Loss of credibility for tool Slow / Batch / Offline
20 1. Drivers for Change: ABAP Application Landscape 2. Today's Practices? 3. BEST Practices 4. Benefits Summary
21 Source: Success Story with Linde, Best Practices Best Practices for Ensuring ABAP code for Quality and Security 1. Online Scanning and Correction during Development 2. Testing of all Outsourced Deliverables (you are responsible!) 3. Automatic Scanning and Correction of SAP ABAP Changes 4. Static Code Analysis for ABAP
22 Best Practices : In-house Development Online Scanning and Correction during Development Define clear code standards, train, and test results! Enable online scanning during development Developers scan during unit testing for immediate feedback Fast mediation Automatic code correction Provide detailed documentation for developer training and instructions for mediation "since we've been using Virtual Forge CodeProfiler, developers have become more aware and are delivering better quality code." Stephan Sachs Manager for Application Security
23 Best Practices: Data and Control Flow Analysis

    METHOD read.
      DATA: request TYPE REF TO if_http_request.
      DATA: s_html  TYPE string.
      DATA: event   TYPE string.
      " Input: request->get_form_field(), stored in variable s_html
      s_html = request->get_form_field( 'mydata' ).
      " Passed on to another method and variable (s_data)
      CALL METHOD me->process EXPORTING s_data = s_html.
      RETURN.
    ENDMETHOD.

    METHOD process.
      DATA: s_out TYPE string.
      DATA: out   TYPE REF TO if_bsp_writer.
      " Modified and copied to another variable (s_out)
      CONCATENATE `<b>` s_data `</b>` INTO s_out.
      out = me->get_previous_out( ).
      " Output: s_out passed on to dangerous function out->print_string()
      out->print_string( s_out ).
    ENDMETHOD.
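The data flow traced on this slide, as an added example that is not from the presentation and is not CodeProfiler's algorithm: a toy taint tracker in Python that follows the form field from get_form_field() across the method call to print_string(). The one-statement-per-line ABAP subset, the escape() fix in FIXED and all Python names are assumptions of the example.

```python
import re

# Constructed input: the slide's two methods, one statement per line
# (declarations and RETURN omitted).
VULNERABLE = """\
METHOD read.
  s_html = request->get_form_field( 'mydata' ).
  CALL METHOD me->process EXPORTING s_data = s_html.
ENDMETHOD.
METHOD process.
  CONCATENATE `<b>` s_data `</b>` INTO s_out.
  out = me->get_previous_out( ).
  out->print_string( s_out ).
ENDMETHOD.
"""

# Assumption (not on the slide): the fix HTML-encodes the value first.
FIXED = VULNERABLE.replace(
    "CONCATENATE `<b>` s_data `</b>` INTO s_out.",
    "s_safe = escape( val = s_data format = cl_abap_format=>e_html_text ).\n"
    "  CONCATENATE `<b>` s_safe `</b>` INTO s_out.")

SOURCES = {"get_form_field"}   # return untrusted request data
SINKS = {"print_string"}       # write into the HTML response
SANITIZERS = {"escape"}        # output encoding neutralises the value


def split_methods(src):
    """Return {method name: [statements]} for the simplified ABAP subset."""
    methods, current = {}, None
    for line in src.splitlines():
        stmt = line.strip()
        start = re.match(r"METHOD (\w+)\.$", stmt)
        if start:
            current = start.group(1)
            methods[current] = []
        elif stmt == "ENDMETHOD.":
            current = None
        elif current and stmt:
            methods[current].append(stmt)
    return methods


def identifiers(text):
    """Identifiers in an expression, ignoring '...' and `...` literals."""
    return re.findall(r"[A-Za-z_]\w*", re.sub(r"'[^']*'|`[^`]*`", " ", text))


def analyze(src, entry="read"):
    """Return one trace (list of steps) per tainted value reaching a sink."""
    methods, findings = split_methods(src), []

    def propagate(taint, target, operands, step):
        hit = next((v for v in operands if v in taint), None)
        if hit is None:
            taint.pop(target, None)           # overwritten with clean data
        else:
            taint[target] = taint[hit] + [step.format(src=hit, dst=target)]

    def run(name, taint, depth=0):
        if depth > 10:                        # guard against recursive calls
            return
        for stmt in methods.get(name, []):
            call = re.match(r"CALL METHOD me->(\w+) EXPORTING (\w+) = (\w+)\.$", stmt)
            concat = re.match(r"CONCATENATE (.+) INTO (\w+)\.$", stmt)
            invoke = re.match(r"\w+->(\w+)\( (\w+) \)\.$", stmt)
            assign = re.match(r"(\w+) = (.+)\.$", stmt)
            if call:
                callee, param, arg = call.groups()
                if arg in taint:              # taint crosses the method boundary
                    step = f"{name}: {arg} passed to {callee} as {param}"
                    run(callee, {param: taint[arg] + [step]}, depth + 1)
            elif concat:
                propagate(taint, concat.group(2), identifiers(concat.group(1)),
                          name + ": {src} concatenated into {dst}")
            elif invoke and invoke.group(1) in SINKS:
                if invoke.group(2) in taint:
                    findings.append(taint[invoke.group(2)] + [
                        f"{name}: {invoke.group(2)} reaches {invoke.group(1)}()"])
            elif assign:
                target, rhs = assign.groups()
                names = identifiers(rhs)
                if names and names[0] in SANITIZERS and rhs.startswith(names[0] + "("):
                    taint.pop(target, None)   # encoded copy is treated as clean
                elif SOURCES & set(names):
                    taint[target] = [f"{name}: {target} read from untrusted input"]
                else:
                    propagate(taint, target, names, name + ": {src} copied to {dst}")

    run(entry, {})
    return findings


if __name__ == "__main__":
    for label, code in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        traces = analyze(code)
        print(label, "->", len(traces), "finding(s)")
        for trace in traces:
            print("   " + "\n   ".join(trace))
```

A pattern match on print_string alone would flag both versions; following the data from source to sink is what separates the encoded output from the raw one.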
24 Best Practices : Outsourced Development Testing of all Outsourced Deliverables Communicate and enforce SLAs Let them know that you will be testing Test all deliverables before beginning functional testing Don't waste time functionally testing inferior code Recommend 2-4 weeks prior (at least) Test immediately? is this code safe enough for your DEV? Decide who will be responsible for corrections beforehand Plan for mediation activities who is responsible for corrections "using CodeProfiler software for verifying all 3rd party code has revolutionized our way of working We now have gained control over the coding quality and security risks" Roderik Mooren, IT DirectorServices
25 Best Practice : Comprehensive Testing
Security: ABAP Command Injection; OS Command Execution; SQL Injection; Broken Authority Checks; Hard-Coded Usernames; ...
Performance: Usage of WAIT Command; Usage of SELECT*; Nested Loop; Incomplete Index; ...
Data Loss Prevention: Disclosure of Critical Data; Disclosure of Source Code; Maintenance of sensitive data
Maintainability & Robustness: Naming Conventions; Nested Macro Calls; Hard-coded Org Units; Insufficient Error Handling; ...
[Diagram labels: Security Tests, QA Tests; CodeProfiler (patented); Security, Performance, Quality]
26 Best Practices: Automatic Code Scanning ABAP Firewall: Automatic Scanning of all SAP ABAP Changes Scan all Transport Requests upon release Stop Transport Requests with defects do not allow release Compliance testing and audit trail PCI, PII, SOX, FDA, Basel II, etc. Ready for emergency corrections Bypass Firewall with approval Track flaws for mediation later "Using CodeProfiler we can ensure transparency with regard to the quality of our ABAP development." Kai-Uwe Beifuß, SAP Applications
27 Best Practices: Automatic Code Scanning ABAP Firewall: Automatic Scanning of all SAP ABAP Changes
28 1. Drivers for Change: ABAP Application Landscape 2. Today's Practices? 3. BEST Practices 4. Benefits Summary
29 Benefits of Best Practices Lower Risk Detect and support mediation of vulnerabilities Cyberattacks/Espionage Performance/System failures Data Theft/Fraud/Loss Test in-/out-sourced development and 3rd party add-ons. Enforces standards for all development deliverables Clear and enforceable definition of programming standards Ensure all ABAP code changes meet Compliance and Audit requirements
30 Benefits of Best Practices Lower TCO Find problems earlier in SDLC = Lower cost to mediate defect better quality code (maintainability, performance, robustness) = Lower test and maintenance costs Reduce review & testing times = Faster delivery of new applications Automate scanning and review = Less use of (expensive) development resources Online scanning & mediation support for faster resolution = Less time for corrections and repair Better quality code = Less SAP production system issues
31 Getting Started Complimentary Scan Take the Test! see Your ABAP code Security & Compliance Performance Robustness & Maintainability Data Loss Prevention Complimentary Scan Virtual Forge CodeProfiler Summary of findings Prioritization of found vulnerabilities Specific examples of findings from your own code Code metrics Benchmark (on request)
32 Thank You! David Chapman Telephone: Stephen Lamy Telephone:
33 Disclaimer 2012 Virtual Forge Inc. All rights reserved. SAP, R/3, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG. All other product and service names mentioned are the trademarks of their respective companies. Information contained in this publication is subject to change without prior notice. It is provided by Virtual Forge and serves informational purposes only. Virtual Forge is not liable for errors or incomplete information in this publication. Information contained in this publication does not imply any further liability. Virtual Forge Terms and Conditions apply. See for details. Excellence in SAP Consulting. 2012 Virtual Forge Inc. All rights reserved.
34 THANK YOU FOR PARTICIPATING Please provide feedback on this session by completing a short survey via the event mobile application. SESSION CODE: 0814 For ongoing education on this area of focus, visit
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationPanel: SwA Practices - Getting to Effectiveness in Implementation
Panel: SwA Practices - Getting to Effectiveness in Implementation (EMC s Evolution of Product Security Assurance) Dan Reddy, CISSP, CSSLP EMC Product Security Office Software Assurance Forum Gaithersburg,
More informationInteractive Application Security Testing (IAST)
WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,
More informationKuppingerCole Product Research Note. Virtual Forge CodeProfiler. by Prof. Dr. Sachar Paulus March 2012
KuppingerCole Product Research Note by Prof. Dr. Sachar Paulus March 2012 Virtual Forge CodeProfiler KuppingerCole Product Research Note Virtual Forge CodeProfiler KuppingerCole Product Research Note Virtual
More informationHP Application Security Center
HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and
More informationSharePoint Governance & Security: Where to Start
WHITE PAPER SharePoint Governance & Security: Where to Start 82% The percentage of organizations using SharePoint for sensitive content. AIIM 2012 By 2016, 20 percent of CIOs in regulated industries will
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationEnabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal
SOLUTION BRIEF Enabling Continuous PCI DSS Compliance Achieving Consistent PCI Requirement 1 Adherence Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom Circle, Suite 800, Santa
More informationInterworks. Interworks Cloud Platform Installation Guide
Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationAn Oracle White Paper January 2011. Oracle Database Firewall
An Oracle White Paper January 2011 Oracle Database Firewall Introduction... 1 Oracle Database Firewall Overview... 2 Oracle Database Firewall... 2 White List for Positive Security Enforcement... 3 Black
More informationSAP Standard for Security
SAP Standard for E2E Solution Operations Document Version: 1.0 2014-12-12 SAP Solution Manager 7.1 Typographic Conventions Type Style Example Description Words or characters quoted from the screen. These
More informationWorking with Sage Customer Support (Sage 100 ERP and Sage 500 ERP)
Table of Contents Who Can Call Sage Customer Support... 2 When To Call Sage Customer Support... 2 When To Call Your Sage Business Partner... 4 How to Fast Track Your Case... 5 Escalating an Issue with
More informationMinimizing code defects to improve software quality and lower development costs.
Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari
More information