SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis. Patrick Hildenbrand, Product Management Security, SAP AG September 2014
2 Disclaimer
This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or to develop or release any functionality mentioned in this presentation. This presentation and SAP's strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP intentionally or grossly negligent.
SAP AG. All rights reserved.
3 Source Code: The Source of the Risk
4 Current software security vulnerability situation
Your software is everywhere. How can you be sure that these highly accessible applications are also highly secure?
Today's business applications have a history:
- Grown over the years
- Complex
- Built on changing requirements
- Created based on different development paradigms
- Optimized for performance
- Extended but not reinvented
5 Application Security Testing
Security testing in terms of dynamic application security testing (DAST) and static application security testing (SAST) is a measure to improve code quality and security. Neither DAST nor SAST is a guarantee of finding all security issues in an application.
- DAST: finds vulnerabilities in the running application
  - Manual: Application Penetration Testing
  - Automated: Application Vulnerability Scanning
- SAST: finds vulnerabilities by analyzing the sources
  - Manual: Source Code Review
  - Automated: Source Code Analysis
6 Does application security pay?
In a 2013 study by Kaspersky Labs, 85% of the companies interviewed reported internal IT security incidents, and software vulnerabilities were the single biggest cause. A hack not only costs a company money, but also its reputation and the trust of its customers. It can take years and millions of dollars to repair the damage that a single computer hack inflicts.
Examples of costs related to attacks exploiting software vulnerabilities:
- Retailer (2007): $250 million
- Electronics manufacturer (2011): $170 million
- Payment systems company (2009): $41 million
7 Automated Detection of Weaknesses in ABAP Sources
8 SAP NetWeaver Code Vulnerability Analyzer Feature Set
Increased security for your applications:
- Reduced false-positive rate by data flow analysis
- Supports exemption workflows to ease handling of false positives
- Integrated into standard ABAP development infrastructure to enable easy consumption by developers
- Supports automation requirements by Quality Assurance teams
- Priority of each check can be adjusted to match the requirements
- Extensive documentation to support developers in fixing issues found
9 Introductory Example: SQL Injection
Input for street: xyz' salary = '1500
set_expr: STREET = 'xyz' salary = '1500'
... SET STREET = 'xyz' salary = '1500'
10 How Code Vulnerability Analysis will work
1. There is an input field
2. There is a potentially dangerous statement
3. There is a data flow between the input field and the dangerous statement
The Code Analyzer searches for potentially vulnerable statements where the input comes from untrusted sources. Only such occurrences will be reported!
11 Integrated into standard developer tools
Based on the integration into the ABAP Test Cockpit, the code checks can easily be launched from most developer tools like SE80, SE38 and more. You can launch checks not only for single objects but also for groups of objects.
12 Supporting the Developer in fixing his code
Detailed documentation of detected issues, including an explanation of the nature of the weakness and information on how to avoid it, makes it easy for the developer to understand and fix the issue.
The tool supports direct navigation to
- the location in his sources
- the related documentation
- the workflow to create an exemption
to allow efficient handling of findings.
13 Corrected Program
This method adds ' ' around the value of street and escapes every ' within the value.
Note: phone is an integer type and does not need to be escaped.
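The SET expression from the introductory example, built once without and once with quoting, as an added example that is not code from the slides. It assumes the method the slide describes is `cl_abap_dyn_prg=>quote`; the report name and the table ZEMPLOYEES are hypothetical.

```abap
REPORT z_cva_set_clause_demo.

" Added example. ZEMPLOYEES (columns USERID, STREET, PHONE, SALARY) is a
" hypothetical table, so the UPDATE is only shown as a comment and the
" report just displays the two generated SET expressions.
PARAMETERS: street TYPE c LENGTH 60 LOWER CASE
                   DEFAULT 'xyz'' salary = ''1500',
            phone  TYPE i DEFAULT 12345.

DATA: street_val TYPE string,
      set_unsafe TYPE string,
      set_safe   TYPE string.

START-OF-SELECTION.
  " Untrusted source: the selection screen field (trailing blanks dropped).
  street_val = street.

  " Before: the value is pasted between literal quotes, so a quote in the
  " input closes the literal and the remainder is parsed as SET syntax.
  set_unsafe = |STREET = '{ street_val }' PHONE = { phone }|.

  " After: quote( ) wraps the value in quotes and escapes every quote in it,
  " so the whole input stays one character literal.
  " phone is an integer and is inserted as is.
  set_safe = |STREET = { cl_abap_dyn_prg=>quote( street_val ) } PHONE = { phone }|.

  WRITE: / 'Unquoted:', set_unsafe,
         / 'Quoted:  ', set_safe.

  " Sink reported by check 1112 when set_expr depends on unquoted input:
  " UPDATE zemployees SET (set_safe) WHERE userid = sy-uname.
```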
14 Fine Granular Control of Priorities
Because you can control the priority of every single finding, you are able to take into account your own risk and security requirements. This also allows for a phased approach, enabling security checks step by step over time for better acceptance by developers.
15 Integrated into the ABAP Test Cockpit (ATC)
ATC is an ABAP check framework which allows running static checks and unit tests for ABAP programs. ATC is fully integrated into the development environment and transport tools, along with instant navigation, documentation, fix recommendation and more.
What are the benefits?
- ATC is the single point of entry for all static code check tools
- ATC comprises a 4-eye principle exemption process to handle findings effectively
- ATC is fully integrated in the ABAP development workbench with a high usability for developers and quality experts
- ATC is not only a check tool but supports essential QA techniques like Q-Gates or regression testing in a consolidation system
ABAP Test Cockpit (ATC):
- Syntax Check (Check, SE80)
- Extended Program Check (SLIN)
- SAP Code Vulnerability Analyzer (SLIN_SEC)
- SAP Code Inspector (SCI)
16 Architecture Overview
[Diagram: ABAP Developer and Quality Expert; ABAP Workbench with ABAP Editors; ABAP Test Cockpit (ATC) with Check, Exemptions and Results; Transport Management; ABAP Source Code; Code Inspector Checks; SLIN Security Checks]
17 Testing ABAP everywhere with the ABAP Test Cockpit (ATC)
18 ABAP Test Cockpit (ATC)
What is it?
- ATC is an ABAP check framework which allows running static checks and unit tests for ABAP programs
- ATC is fully integrated into the development environment and transport tools, along with instant navigation, documentation and fix recommendation
What are the benefits?
- ATC is the single point of entry for all static code check tools
- ATC comprises a 4-eye principle exemption process to handle findings effectively
- ATC is fully integrated in the ABAP development workbench with a high usability for developers and quality experts
- ATC is not only a check tool but supports essential QA techniques like Q-Gates or regression testing in a consolidation system
19 ATC Configuration
Using ATC Configuration, you can:
- Define the ATC master system
- Define the checks to be used as a default
- Enable or disable exemptions
- Configure the behavior of the transport subsystem in case of failing ATC checks of transports
20 ABAP Test Cockpit integrated into the ABAP IDE
21 Example for a Development Landscape
[Diagram: Development System 1, Development System 2 and a Consolidation System, with these labels]
- Developers run static/unit/scenario tests on their objects
- Periodic check runs to validate the code of a development team
- Q-experts run mass checks and distribute the results
- Quality-Gate (Development Systems 1 and 2): Check during transport release
- Quality-Gate (Consolidation System): Mass check run and consolidation test
- Use ONE quality standard for Q-Gates
22 Developing Landscapes: Scaling and Reporting
[Diagram: Development Systems 1 to 6 and Consolidation Systems 1 to 3]
- Solution Manager BI system for reporting: Aggregates all mass test runs
- Q-Governance: Monitors the quality of development areas and defines the quality standard
23 Security Checks in Detail: Overview of available checks
24 Overview of available checks
Security Checks:
- SQL Injection (Open SQL)
- SQL Injection (ADBC)
- Code Injection (ABAP)
- Call Injection
- OS Command Injection
- Directory Traversal
- Backdoors & Authorizations
- Web Exploitability
25 Overview of the available checks - SQL Injection (Open SQL)
Manipulation of dynamic Open SQL:
- Potential manipulation of the dynamic WHERE condition (1101)
- Potential manipulation of a dynamic WHERE condition using the parameter I_FILTER of the object services method CREATE_QUERY (1122)
- Potential manipulation of the SET clause in the statement UPDATE (1112)
- Potential read performed on an illegal database table in a SELECT statement (1118)
- Potential read performed on an illegal database table in a modifying OpenSQL statement (1120)
- Potential read performed on invalid table columns (1114)
- Potential use of illegal columns in a dynamic GROUP BY clause (1116)
- Potential use of illegal columns in a dynamic HAVING clause (1117)
26 Overview of the available checks - SQL Injection (ADBC)
Manipulation of SQL statements:
- Potential injection of harmful SQL statements or clauses in execution of DDL statements in ADBC (1128)
- Potential injection of harmful SQL statements or clauses in execution of DML statements in ADBC (1130)
27 Overview of the available checks - Code Injection (ABAP)
Manipulation of ABAP code created dynamically:
- Potential injection of harmful code in the statements INSERT REPORT and GENERATE SUBROUTINE POOL (1108)
- Potential manipulation of the dynamic WHERE condition in an internal table (1190)
28 Overview of the available checks - Call Injection
Manipulation in dynamic calls:
- Potential call of an illegal transaction using the statement CALL TRANSACTION (1142)
- Potential call of an unwanted transaction using the statement LEAVE TO TRANSACTION (1143)
- Potential call of an illegal program using the statement SUBMIT (1141)
- Potential call of invalid function module using RFC (1140)
29 Overview of the available checks - OS Command Injection
Injections of operating system commands:
- Statement CALL 'SYSTEM' used (1170)
- Potential manipulation in the FILTER addition of the statement OPEN DATASET (1106)
30 Overview of the available checks - Directory Traversal
Access to illegal directories and files:
- Potential manipulation of the file name in the statement OPEN DATASET or DELETE DATASET (1104)
- Potential manipulation of the file name in the method CREATE_UTF8_FILE_WITH_BOM of the class CL_ABAP_FILE_UTILITIES (1124)
31 Overview of the available checks - Backdoors & Authorizations
Weak authorization checks or user administration bypassed:
- Hard-coded user name, possibly from undeleted test code or an indication of a back door (0821)
- SY-SUBRC not evaluated after the statement AUTHORITY-CHECK (1160)
- AUTHORITY-CHECK with explicit user name (1180)
- AUTHORITY-CHECK with explicitly specified user name sy-uname (1181)
32 Overview of the available checks - Web Exploitability
Possible attacks using Web technologies:
- Obsolete escape method used (1150)
33 Summary
34 Your Way to Secure ABAP Code - Summary
One weakness is enough to put your business at risk!
- Regularly check your source code and ensure that the code follows state-of-the-art secure programming best practices
- Train the developers to ensure they know the common weaknesses
- Don't expect security to be a once-in-a-lifetime project: security improvements are part of your daily work!
35 Summary: Code Vulnerability Analyzer
- Developed by the team creating the ABAP language
- Tightly integrated into standard testing infrastructure
- Already tested and in use by SAP internally for several years
- Successfully piloted by customers
SAP NetWeaver AS, add-on for code vulnerability analysis is available as of:
- SAP NetWeaver AS ABAP 7.0 EhP2 Support Package 14
- SAP NetWeaver AS ABAP 7.0 EhP3 Support Package 09
- SAP NetWeaver AS ABAP 7.3 EhP1 Support Package 09
- SAP NetWeaver AS ABAP 7.4 Support Package 05 and later releases
36 Summary: ABAP Test Cockpit
- ATC is the standard ABAP check framework at SAP
- The ABAP Test Cockpit (ATC) is a tool for doing static and dynamic quality checks of ABAP code and associated repository objects
- ATC is based on Code Inspector
- Very easy migration: Just re-use your current global Code Inspector check variant
ATC is available as part of:
- SAP NetWeaver AS ABAP 7.0 EhP2 Support Package 12
- SAP NetWeaver AS ABAP 7.0 EhP3 Support Package 05
- SAP NetWeaver AS ABAP 7.3 EhP1 Support Package 05
- SAP NetWeaver AS ABAP 7.3 EhP2 and later releases
37 Further Information
- SAP NetWeaver Application Server, add-on for code vulnerability analysis
- Roadmap presentation: ABAP Test and Analysis Tools
- ABAP Test Cockpit (ATC)
- SAP Community
38 Thank you Contact information: Patrick Hildenbrand SAP NetWeaver Product Management Security
39 Customer References
More informationTop 10 most interesting SAP vulnerabilities and attacks Alexander Polyakov
Invest in security to secure investments Top 10 most interesting SAP vulnerabilities and attacks Alexander Polyakov CTO at ERPScan May 9, 2012 Me Business application security expert What is SAP? Shut
More informationSAP Portfolio and Project Management
SAP Portfolio and Project New Features and Functions in 5.0 Suite Solution, SAP AG November 2010 Legal Disclaimer This presentation outlines our general product direction and should not be relied on in
More informationSAP Audit Management A Preview
SAP Audit Management A Preview SAP AG November 2013 Customer 1 Agenda Business Challenges The Idea The Solution Roadmap Demo 2013 SAP AG. All rights reserved. Customer 2 Disclaimer The information in this
More informationHow to Instrument for Advanced Web Application Penetration Testing
How to Instrument for Advanced Web Application Penetration Testing Table of Contents 1 Foreword... 3 2 Problem... 4 3 Background... 4 3.1 Dynamic Application Security Testing (DAST)... 4 3.2 Static Application
More informationGlyder Mobile Doc s(for commercial business & healthcare) May, 2014
Glyder Mobile Doc s(for commercial business & healthcare) May, 2014 Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation
More informationSAP BusinessObjects Dashboards
SAP BusinessObjects Dashboards Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject to your license
More informationSecurity Certification of Third- Parties Applications
Security Certification of Third- Parties Applications Stanislav Dashevskyi dashevskyi@fbk.eu Advisors: Fabio Massacci, Antonino Sabetta Agenda Introduction Third-party code in web applications Third-party
More informationSAP BW 7.40 Near-Line Storage for SAP IQ What's New?
SAP BW 7.40 Near-Line Storage for SAP IQ What's New? Rainer Uhle Product Management SAP EDW (BW / HANA), SAP SE Public Disclaimer This presentation outlines our general product direction and should not
More informationEnsuring the Security and Quality of Custom SAP Applications
Ensuring the Security and Quality of Custom SAP Applications for smooth-running SAP applications and business processes Security is an important quality feature Security is important to us and to our customers.
More informationSAP IT Infrastructure Management
SAP IT Infrastructure Management Legal Disclaimer This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue any course of business outlined
More informationSAP S/4HANA Embedded Analytics
Frequently Asked Questions November 2015, Version 1 EXTERNAL SAP S/4HANA Embedded Analytics The purpose of this document is to provide an external audience with a selection of frequently asked questions
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationEMC Documentum Content Services for SAP Document Controllers
EMC Documentum Content Services for SAP Document Controllers Version 6.0 User Guide P/N 300 005 439 Rev A01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748 9103 1 508 435 1000 www.emc.com Copyright
More informationPerformance Best Practices Guide for SAP NetWeaver Portal 7.3
SAP NetWeaver Best Practices Guide Performance Best Practices Guide for SAP NetWeaver Portal 7.3 Applicable Releases: SAP NetWeaver 7.3 Document Version 1.0 June 2012 Copyright 2012 SAP AG. All rights
More informationSAP Business One mobile app for Android Version 1.0.x November 2013
SAP Business One mobile app for Android Version 1.0.x November 2013 Legal disclaimer The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission
More information2015-09-24. SAP Operational Process Intelligence Security Guide
2015-09-24 SAP Operational Process Intelligence Security Guide Content 1 Introduction.... 3 2 Before You Start....5 3 Architectural Overview.... 7 4 Authorizations and Roles.... 8 4.1 Assigning Roles to
More informationSAP HANA Backup and Recovery (Overview, SPS08)
SAP HANA Backup and Recovery (Overview, SPS08) Andrea Kristen, SAP HANA Product Management October 2014 Disclaimer This presentation outlines our general product direction and should not be relied on in
More informationHow About Security Testing?
How About Security Testing? Jouri Dufour, CTG www.eurostarconferences.com @esconfs #esconfs How About Cybercrime? Our BUSINESS LIFE is online. If A happens, then B must be the case, so I will do
More informationIntroduction. Secure Software Development 9/03/2015. Matias starts. Daan takes over. Matias takes over. Who are we? Round of introductions
Matias starts Who are we? Applying Static Analysis Matias Madou and Daan Raman, Leuven, Feb 27, 2015 1 At NVISO, I m responsible for the software security practice. Next to the client work, I also leads
More informationHow to Implement a SAP HANA Database Procedure and consume it from an ABAP Program Step-by-Step Tutorial
How to Implement a SAP HANA Database Procedure and consume it from an ABAP Program Step-by-Step Tutorial Table of Contents Prerequisites... 3 Benefits of using SAP HANA Procedures... 3 Objectives... 3
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationOracle SQL Developer for Database Developers. An Oracle White Paper June 2007
Oracle SQL Developer for Database Developers An Oracle White Paper June 2007 Oracle SQL Developer for Database Developers Introduction...3 Audience...3 Key Benefits...3 Architecture...4 Key Features...4
More informationAddressing the SAP Data Migration Challenges with SAP Netweaver XI
Addressing the SAP Data Migration Challenges with SAP Netweaver XI Executive Summary: Whether it is during the final phases of a new SAP implementation, during SAP upgrades and updates, during corporate
More informationSAP Solution Manager - Content Transfer This document provides information on architectural and design questions, such as which SAP Solution Manager
SAP Solution Manager - Content Transfer This document provides information on architectural and design questions, such as which SAP Solution Manager content is transferable and how. TABLE OF CONTENTS PREFACE...
More informationEnabling Useful Active Directory Auditing
The Essentials Series: Tackling Active Directory s Four Biggest Challenges Enabling Useful Active Directory Auditing sponsored by by Greg Shields En abling Useful Active Directory Auditing... 1 The Native
More information