How To Make Your Software More Secure

SAP Security Concepts and Implementation Source Code Scan Tools Used at SAP Detecting and Eliminating Security Flaws Early On

Table of Contents
- SAP Makes Code Scan Tools for ABAP Programming Language Available to Customers
- SAP Relies on Coverity Inc. for C and C++ Code Scanning
- SAP Draws on HP Fortify for Static Application Security Testing
- Source Code Scan Strategy at SAP
- Making Your Software Development More Secure
- Find Out More

Prevention is better than cure. At SAP, automated source code scans help to detect and eliminate security flaws at an early stage in the development cycle. Customers can use the same source code scan tools as SAP to make their own software developments more secure.

Automated source code scan tools enable customers to:
- Perform in-depth checks consistently, without human bias
- Examine source code and assess its quality reliably and thoroughly
- Identify the root cause of security-related issues
- Detect errors early in the development of applications and add-ons
- Run and rerun automated tests of large amounts of code whenever required

SAP Makes Code Scan Tools for ABAP Programming Language Available to Customers

Benefit from the in-depth source code scanning experience at SAP to cost-effectively enhance the quality of your own software products. An add-on for the SAP NetWeaver Application Server (SAP NetWeaver AS) component is available for just this purpose. With SAP NetWeaver AS, add-on for code vulnerability analysis, customers can benefit from SAP's experience in identifying common source-code-related risks of the top 10 named by the Open Web Application Security Project (OWASP), an open-source Web application project.

SAP RELIES ON COVERITY INC. FOR C AND C++ CODE SCANNING

Find out about best practices that can help you boost your efficiency in developing high-quality software and performing effective security analyses on the software. See the case study and interview: SAP Runs Coverity.

SAP DRAWS ON HP FORTIFY FOR STATIC APPLICATION SECURITY TESTING

Learn about products and services that can help you protect the applications you develop from security vulnerabilities. This includes detecting problems as they crop up and fixing them. See the case study: SAP uses HP Fortify to help produce secure applications.

Source Code Scan Strategy at SAP

The source code scan strategy in effect at SAP has been mandated by the company's board of directors as an integral part of the SAP product security strategy. The source code scan tools, the scope of testing, and the scan processes used for each SAP software product are defined at the corporate level.

Scanning for security issues can find implementation errors. Security code scans start early in the product development cycle at SAP because this is much more efficient than finding and fixing problems later on in the development cycle. The scans contribute to building a stable code structure right from the start.

The source code scan tools deployed at SAP help developers identify vulnerable patterns within the code and pinpoint the root cause of security issues. In-depth training supports developers in making effective use of these tools and in developing security awareness.

Security code scans are static-code analyses that are run on code without executing the code. For large software products, these static analyses are the most cost-effective way of supporting a secure development lifecycle. Automated code scans enable developers to assess large amounts of source code. Following corrective action, developers can rerun the tests with push-button convenience.

The static analyses in SAP product development are complemented by other test methods, such as dynamic checks, fuzzing, and penetration testing.

MAKING YOUR SOFTWARE DEVELOPMENT MORE SECURE

The world's best-run companies run SAP software. The openness of SAP extends to the source code scanning methodologies that help to make SAP software reliable, robust, and secure. The source code scanning tools used by SAP are commercially available to SAP customers.

FIND OUT MORE

To learn more about source code scanning tools from SAP, please contact your SAP representative.

Customers can benefit from the in-depth source code scanning experience at SAP to cost-effectively enhance the quality of their own software products.

CMP29044 (13/12)

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.