Ensuring the Security and Quality of Custom SAP Applications




Ensuring the Security and Quality of Custom SAP Applications for smooth-running SAP applications and business processes

Security is an important quality feature

"Security is important to us and to our customers. It's good to see that our trusted partner Virtual Forge provides a tool for security test automation. Now all our customers can establish a baseline security level in their ABAP™ code."
Gerhard Oswald, Chief Operating Officer of SAP AG and member of the Executive Board

How safe is your business?

In order to better serve specific business requirements, SAP standard solutions are often enhanced with custom applications. In many industries, the proportion of proprietary developments in SAP systems averages more than twenty-five percent, provided either by internal IT specialists or third-party companies.

Whether SAP applications are at the heart of your business or it is your business to develop SAP add-on applications, you need to both ensure that business-critical processes and sensitive data remain safe, and reduce the risk of security breaches or data loss whilst meeting compliance rules and standards.

Almost 50% of all large companies in Germany have been the target of regular IT attacks.*

* Source: T-Systems, Best Practice Issue 4 2011, Pg. 44.

The Devil is in the Detail

SAP has an excellent record when it comes to software security and the maturity of secure development processes. But how secure are your organisation's custom developments and 3rd party add-ons? Business risks caused by critical security defects include, for example, data manipulation, data theft, or system failures. These can lead to unnecessary costs, non-compliance, loss of image or, in the case of know-how plagiarism, can jeopardize the entire business model.

Based on more than 180 test cases, CodeProfiler can ensure the security and quality of Custom Code. You can:

- find out if there are security risks and defects in your SAP custom code and add-ons that may put your organization at risk from attack or non-compliance
- determine the quality of your custom code (how well has the application code been written?). This is invaluable both for internal development projects and assessing the standard of externally developed code

Security for SAP applications is often limited to a segregation of duties and good authorization or access rights management. However, security vulnerabilities in your applications may open backdoors with which to circumvent these controls.

Automatic Detection and Correction of Defects

Companies require tools and solutions to identify and resolve security and quality issues as quickly as possible. Automating the analysis and correction of ABAP code of SAP applications enables companies to lower the cost of ensuring that custom SAP applications are safe and of high quality.

Statistics show that custom applications produce on average one critical security defect per 1,000 lines of code.*

* Source: Virtual Forge benchmark, status: April 2012, see www.virtualforge.com.

Get a Grip on Your Security

Analyze and minimize risk with the CodeProfiler Security Suite

The CodeProfiler Security Suite allows organizations to detect weaknesses and vulnerabilities in the ABAP Code of SAP applications, thereby paving the way for sustainable corporate security. Use it to ensure your applications are safe, comply with regulations, meet industry best practices standards or for your own specific business requirements.

Test cases include

- Security: identify code that may make SAP applications vulnerable to misuse or attack by unauthorized users
- Compliance: perform tests to ensure that today's compliance standards for PCI-DSS, PII, and BIZEC are met and that your code is safe
- Data Loss Prevention: check at code level if critical data can be accessed by unauthorized people

Ensure the Quality of Your Code

Effective monitoring and reporting with the CodeProfiler Quality Assurance Suite

The CodeProfiler Quality Assurance Suite ensures that the ABAP Code of SAP applications you are evaluating is structured and well-written, performance-optimized, properly documented, and following the correct naming conventions.

Test cases include

- Performance: identify coding practices that may have adverse effects on the performance of an SAP system.
- Maintainability: ensure that the code is written so that it can be easily understood, upgraded or enhanced based on the logic and structure of the programs.
- Robustness: check for ABAP coding defects, which jeopardize the reliable execution of business applications.
- Naming Conventions: extend the check provided by SAP Code Inspector by adding validity periods and name spaces enabling you to adapt your naming conventions easily over time.

Quality assurance at every stage of custom development

"It's very important for us to maintain full control over our coding. To increase the effectiveness and efficiency of our system development at Linde, we mainly work with external ABAP developers. Ever since we've been using CodeProfiler, the developers have become more aware and are delivering better quality code."
Stephan Sachs, Manager for Application Security & Enterprise Content Management, Linde

Source: www.virtualforge.com, Success Story with The Linde Group, 2011

[Diagram: CODEPROFILER (Security Suite, Quality Assurance Suite): Minimizing Risks, Enhancing Quality, Cost Savings, Time Savings]

CodeProfiler at a Glance

Minimize risks by improving the ABAP code quality in your SAP applications

- Identifying and closing security vulnerabilities minimizes security and compliance risks
- Proactively detecting critical data movements helps to avoid loss of data
- Comprehensive testing with Data and Control Flow Analysis and Plausibility testing ensures highly accurate results

Enhance Quality in your SAP applications

- Easy maintainability and robustness ensure smooth business operations

Cost savings through effective and efficient quality assurance and better performance

- Minimize manual efforts due to automated testing of ABAP code, also with highly complex applications
- Ensure compliance of defined quality standards with internal and external software development
- Avoid extra correction work through know-how build-up in your software development and early detection of vulnerabilities
- Reduce operational costs through improvement of your application performance

Time savings by reducing effort through automated testing and correcting

- Fast and reliable detection and correction of defects and vulnerabilities in your ABAP code of SAP applications
- Automatic correction of up to 70% of all defects found online in seconds!

VIRTUAL FORGE: Your Secret Agent

Getting to the heart of the problem

The current release (version 3.3) provides more than 180 test cases for known vulnerabilities. CodeProfiler can help you test, detect and automatically correct irregularities that may lead to system breakdowns and negatively impact your critical business applications. It also enables you to assess whether critical data can leave the control area of the relevant SAP systems at code level.

Seamless integration with SAP environments

The integration of Virtual Forge CodeProfiler into the SAP Transport Management System (TMS) and SAP Solution Manager Change Request Management (SolMan/ChaRM) ensures that only those transports that satisfy predefined criteria will be transferred into the productive SAP system.

Furthermore, the integration of Virtual Forge CodeProfiler into the development workbench of SAP (SE80) allows developers to check their ABAP code for vulnerabilities at any time without having to leave their normal work environment. They gain a detailed description of coding irregularities as well as concrete guidance on how to fix them and develop techniques for secure ABAP programming.

"Our unique security expertise, developed over many customer projects, has been captured into the Virtual Forge CodeProfiler. CodeProfiler is the leading solution for static code analysis on the basis of data and control flow capabilities for ABAP."
Dr. Markus Schumacher, Chief Executive Officer of Virtual Forge

Virtual Forge Inc.
1031 Cedar Mill Lane
West Chester, PA 19382
USA

Virtual Forge GmbH
Speyerer Str. 6
69115 Heidelberg
Germany

www.virtualforge.com

© 2012 Virtual Forge GmbH. All rights reserved. SAP, SAP R/3, SAP Solution Manager, ABAP and other SAP products and services mentioned in the text as well as the corresponding logos are trademarks or registered trademarks of SAP AG in Germany and other countries worldwide. All other product and service names mentioned are trademarks of the respective companies.

* The certifications of Virtual CodeProfiler 3.0 for the integration with IBM Rational AppScan Source Edition 8.0 and Virtual Forge CodeProfiler 3 with SAP NetWeaver existed at the moment of production of this brochure.

The information contained herein may be changed without prior notice and is for informational purposes only. Virtual Forge accepts no warranty or guarantee of any kind and shall not be liable for errors or omissions with respect to this publication. The information contained in this publication shall entail no further liability. The General Terms and Conditions of Virtual Forge apply. The GTC are available on www.virtualforge.com.