The Security Development Lifecycle at SAP How SAP Builds Security into Software Products

Similar documents
How To Make Your Software More Secure

R49 Using SAP Payment Engine for payment transactions. Process Diagram

SAP Security Recommendations December Secure Software Development at SAP Embedding Security in the Product Innovation Lifecycle Version 1.

Driving Excellence in Implementation and Beyond The Underlying Quality Principles

Partner Certification to Operate SAP Solutions and SAP Software Environments

Price and Revenue Management - Manual Price Changes. SAP Best Practices for Retail

How to Deliver a Coordinated Customer Experience across Every Channel

Run SAP Risk Management in Utilities to Get Business Value Fast

4 Ways That Electric Vehicles Will Impact Utilities

K75 SAP Payment Engine for Credit transfer (SWIFT & SEPA) Process Diagram

GR5 Access Request. Process Diagram

Transform Your SAP Applications Landscape to Meet Changing Business Requirements

Extend Business Scope and Improve Governance with SAP Content Management

Run SAP Risk Management for Enterprise Risks in Life Sciences for Fast Business Value

SEPA in SAP CRM. Application Innovation, CRM & Service Industries. Customer

SAP ERP E-Commerce and SAP CRM Web Channel Enablement versions available on the market

SAP Product and Cloud Security Strategy

BPCL: Delivering New Functionality Faster and Reliably with SAP Software and SAP Enterprise Support

SAP Solution Manager: The IT Solution from SAP for IT Service Management and More

A Cloud-Based Foundation for Enterprise Mobility

Transform HR into a Best-Run Business Best People and Talent: Gain a Trusted Partner in the Business Transformation Services Group

Multi Channel Sales Order Management: Mail Order. SAP Best Practices for Retail

PSM-PPM Integration SAP Product Structure Management

SAP Travel OnDemand Solution An Easier Way to Travel

Receivables Management with SAP Software

Faster Development Through Virtualization

SM250 IT Service Management Configuration

Simplify and Secure Cloud Access to Critical Business Data

Detect, Prevent, and Deter Fraud in Big Data Environments

Installation Guide: Agentry Device Clients SAP Mobile Platform 2.3

Start Anywhere and Go Everywhere with Cloud Services for HR

Transform Audit Practices and Move Beyond Assurance

How To Use An Automotive Consulting Solution In Ansap

Improve Business Efficiency by Automating Intercompany Transactions

FA7 - Time Management: Attendances/Absences/Overtime/Hajj Leave. Process Diagram

SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis

Project Proposal: SAP Big Data Analytics on Mobile Usage Inferring age and gender of a person through his/her phone habits

K88 - Additional Business Operations for Loans. Process Diagram

GSK Vaccines: Easing Compliance with SAP Process Control

SuccessFactors Global Human Capital Management (HCM) Academy and Admin Training Schedule (Q3 Q4 2014)

Elevate Your Customer Engagement Strategy with Cloud Services

How 21 st century Purchasing- and Finance organizations leverage Business Networks for automation and business collaboration

Philips Respironics GK: Helping Customers Breath Easier with the SAP CRM Rapid-Deployment Solution

Streamline Processes and Gain Business Insights in the Cloud

Automotive Consulting Solution. CHEP - EDI- Container Data

Infosys: Treating Governance and Compliance Strategically with SAP Access Control

Build Better Social Relationships and Realize Better Results

Surrey County Council: Better Business Intelligence with Help from SAP Enterprise Support

Upgrade: SAP Mobile Platform Server for Windows SAP Mobile Platform 3.0 SP02

Clariant: Optimizing Product Safety and Stewardship with SAP Software

Power Smart Business Operations with Real-Time Process Intelligence

Downport to SAP GUI for documents Access Control Management

Cost-Effective Data Management and a Simplified Data Warehouse

Manage the Mobile Workforce Without the Complexity and Expense of an On-Premise Installation

How To Be Healthy With Sap Business One

Petrojam: Boosting Operational Efficiency by Upgrading Its SAP ERP Application

How-To Guide SAP Cloud for Customer Document Version: How to replicate marketing attributes from SAP CRM to SAP Cloud for Customer

Optimize Revenue for High-Volume Service Providers with Pricing Simulation

Transform Invoice Management with a Hybrid of Cloud and On-Premise Software

SAP Solution Overview: SAP Cloud for Travel and Expense An Easier Way to Travel

Increase the Efficiency and Value of Healthcare Contact Centers

Contents. About this Support Package / Patch...5. To install the EPM Add-in for Microsoft Office Support Package 15 / Patch XX...

Bharat Petroleum: Fueling Real Estate Revenues with SAP Real Estate Management

Accelerate Time to Value and Innovation Through Complete Contract Management

Japan Display: Fast-Tracking SAP ERP with a Cloud-Based Quick Start

Outperform Financial Objectives and Enable Regulatory Compliance

Deutsche Postbank: Managing a Large-Scale Upgrade with SAP Software and Support

Optimize Application Performance and Enhance the Customer Experience

MLP: Simpler Processes and Improved Usability with SAP Customer Relationship Management

Getting Started with the License Administration Workbench 2.0 (LAW 2.0)

Harness the Power of Analytics Across Lines of Business with Speed and Ease

SAP Audit Management A Preview

Warwick Analytics: Building Powerful Software Certified to Integrate with SAP HANA

KT Corp: Driving Innovation in Business Processes by Running the SAP ERP Application in the Cloud

ABB: Independently Streamlining Its Organizational Setup with SAP Landscape Transformation

Collaborative Quality Ensuring the Success of Your SAP Software Implementation

Integrate, Automate, and Personalize Business Communications with Greater Ease

Integration capabilities of SAP S/4HANA to SAP Cloud Solutions

Reduce Costs and Improve Materials Management with Mobile Technology

Simplify Complex Architectures and See the Potential Impact of New Technologies

DONG Energy: Targeting Messages and Increasing Response Rates

HealthWyse: Meeting the Financial, Clinical, Analytical, and Reporting Needs of Home Care Agencies

An End-to-End Population Health Management for High Risk Patients

How-To Guide SAP NetWeaver Document Version: How To Guide - Configure SSL in ABAP System

Create Mobile, Compelling Dashboards with Trusted Business Warehouse Data

Enterprise Information Management Services Managing Your Company Data Along Its Lifecycle

Protect Your Connected Business Systems by Identifying and Analyzing Threats

Resource Management for the Oil and Gas Industry

Proactive Collections and Dispute Management with SAP Software

Optimize Retail Label and Poster Printing with SAP Software

Sync, Share, and Store Information Across Devices Effectively and Securely

Enhance Customer Service with Integrated Scale Management Software from SAP

Keep Enterprise Assets Productive with Effective Master Data Governance

Interactive Dashboards for Decision Makers

Design the Future of Your Human Resources with SuccessFactors Solutions

Certificate SAP INTEGRATION CERTIFICATION

SAP Business One, version for SAP HANA Platform Support Matrix

COSCON: SAP Technologies Help Create a Unified Enterprise Data Platform for Global Operations

Cepas Argentinas: Improving Business Intelligence with SAP Web Channel Experience Management

K84 - Consumer Loan Lifecycle without Direct Debit. Process Diagram

Transcription:

SAP Security Concepts and Implementation The Security Development Lifecycle at SAP How SAP Builds Security into Software Products

Table of Contents 4 Integrating Security Right from the Start 4 Establishing a Standard for Product Security 5 Quality Gates 5 Regulatory Compliance 5 Testing During Development 5 Product Security Consulting 6 Product Security Education and Training 6 Threat Modeling 6 Find Out More 2 / 6

Developing secure software requires a strategy that covers not just the entire product lifecycle but the product s complete investment program as well, starting with product concept and embracing design, development, and even shipment. Postdelivery, SAP continues to protect its software by providing security patches, so customers can mitigate the latestbreaking challenges to software security. SAP builds security into its software right from the beginning. Because the strategy to achieve and maintain security in SAP software is so thorough and so well conceived, SAP customers can: Know they are running business processes on products that have been carefully tested Benefit from stable, secure software today and in the long run Achieve sustained regulatory compliance Rely on a group of world-class security experts professionally dedicated to managing product security at SAP 3 / 6

Integrating Security Right from the Start Even the most effective security measure will fail to deliver on expectations if it is implemented poorly. High-quality code is the most important basis for building secure products. To address this key issue, SAP approaches product security holistically to make sure there is no missing link. And the security development lifecycle in place at SAP makes sure product code is of the highest quality. ESTABLISHING A STANDARD FOR PRODUCT SECURITY SAP employs a framework for product development to enforce a standard for achieving high product security and quality. The framework covers all organizational phases associated with product investment, from the initial decision to create the product to project execution and postdelivery. The framework is designed to see that security is built right into the software so that all security and privacy requirements are fulfilled. The set of requirements is not static, however. It is updated on a continual basis from information provided by public sources dedicated to ferreting out and publishing software vulnerabilities. Just some of these sources include Common Weakness Enumeration (CWE), a software community that maintains a catalog of detected software vulnerabilities; Common Vulnerabilities and Exposures (CVE), a database of documented computer security weaknesses; SANS Institute; and Open Web Application Security Project (OWASP), an open-source Web application project. The product standard for security at SAP is based on SAP s long tradition of building reliable and secure software. The standard encompasses a wide range of methodologies and measures, such as threat modeling, security assessment, security consulting for development teams, and training. 4 / 6

The product standard for security at SAP is based on SAP s long tradition of building reliable and secure software. Quality Gates SAP products in development undergo checks at specific points called quality gates (Q-gates). These are mandatory milestones that occur at each major stage in the development of a product. Not only is the quality of the software product assessed at these Q-gates, but the product must pass each Q-gate before it can move on to the next lifecycle phase. Q-gates verify the functionality and security of a product, along with performance and usability. Regulatory Compliance SAP has governance policies in place to oversee that whatever work is performed during the security development lifecycle complies with applicable legal requirements. These policies also require that each SAP software product meets all applicable legal regulations in the markets to which the software is to be shipped. Testing During Development Source code reviews, architecture audits, penetration tests, and security source code scans (static analysis) are integral parts of the security development lifecycle at SAP. SAP runs a scalable test infrastructure that seamlessly integrates with product development. This infrastructure ensures that every product is thoroughly tested before it is released. Product Security Consulting A team of world-class security experts helps product teams understand, address, and resolve complex security issues. This highly specialized internal security consulting enables SAP product teams to get architectures right from the outset and helps them eliminate potential security issues early on in the development process before any code is committed. 5 / 6

Product Security Education and Training Awareness drives improvement. Security consulting plus in-depth training are key elements for enabling the development community at SAP to build and maintain secure software. In addition to developers, the vast majority of customerfacing people at SAP are familiar with the security big picture at SAP. Threat Modeling SAP introduced a refined threat modeling process within its security development lifecycle. Threat modeling is a proven method for achieving high product security. In addition, threat modeling provides tangible economic advantages by enabling developers to find and eliminate design issues at an early stage. Find Out More To learn more about the framework SAP uses to achieve world-class product security, please contact your SAP representative. 6 / 6 CMP29034 (13/12)

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ( SAP Group ) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information