
Our SAP® Systems are Secure. Right?

February 19, 2018 | By Caroline Neuber, Virtual Forge GmbH

Many companies assume that their SAP® systems are secure. After all, a lot of money was invested in the SAP software and SAP is trusted as one of the most successful software providers worldwide. It is therefore expected that the purchased products will also meet the current security standards. But what is the reality?

This text was published as an advertorial in issue 1/18 of the DSAG magazine "blaupause".

Digital transformation is rapidly evolving, and even large corporations like SAP have to invest a lot to keep pace. The goal, but not always the reality, is to ensure that systems are always up to the latest security standards. The patch days, where SAP always publishes the most important security notes, have been established for a reason. But, to be honest, how quickly do you implement them in your company and who is responsible?

In-house Developments as a Security Vulnerability

Many companies also have their own developments to adapt the SAP systems to the company's own processes. Did you know that every company has an average of about 2 million lines of self-programmed code and about 1.1 vulnerabilities per thousand lines of code? Here too, the question of responsibility arises. Whose is it in your company?

A widespread opinion is that the developers are responsible. They are expected to write code in such a way that hackers cannot misuse the SAP systems for their own purposes. However, it should not be underestimated that many applications can nowadays be accessed via the Internet and are easily attacked without explicit security measures. With the introduction of SAP HANA® there are now also other languages that developers must master.

But are developers really concerned about security, quality and compliance? Isn't it rather a matter for the company's management if security gaps are abused or compliance guidelines are disregarded? Wouldn't it be more than reassuring if management could provide their developers with tools that allow them to program code free of security holes and compliance violations?

Virtual Forge as Security Expert

Virtual Forge specializes in the security of SAP systems and provides companies with tools for this purpose. With CodeProfiler, a scanner for ABAP code, Virtual Forge has made its name in the security industry. The patented CodeProfiler for ABAP has been successfully used by SAP customers worldwide for many years.

The fundamental changes in the SAP landscape call for new tools. Virtual Forge recognized this development early on and is the first provider of a code scanner for native SAP HANA applications.

The Virtual Forge CodeProfiler for HANA helps companies to develop reliable, robust and secure applications for SAP HANA and to be prepared for new programming languages.

SAP-Certified Tools for System Security

Seamlessly integrated into the SAP HANA development environment and certified by SAP, the Virtual Forge CodeProfiler for HANA enables the scanning of SQLScript, XSJS JavaScript and SAPUI5 programming code. Based on pre-delivered test cases, security-relevant weak points in the code are identified. Possible cross-site scripting or SQL injection flaws are demonstrated, and ways to close these security vulnerabilities are suggested. Weak points that affect the application in terms of performance and stability can also be identified.

When working with the Virtual Forge CodeProfiler for HANA, the developer receives continuous feedback during programming, comparable to a spell checker. This results in a steep learning curve in programming. Regular batch scans of SAP HANA packages can also be scheduled and automated.

The Virtual Forge Security & Quality Suite offers even more comprehensive protection. In addition to the pure code check for SAP HANA or ABAP, it also evaluates system configurations, including important basic authorizations, and the transport management system for security weaknesses.

Ensure the highest standards of security and stability for SAP HANA® applications right from the start with Virtual Forge CodeProfiler for HANA.

Your Advantages at a Glance:

  • Security tests from the beginning
  • Real-time analyses with ad-hoc feedback during programming
  • Integrated solutions
  • Steep learning curve for developers
  • No subsequent troubleshooting necessary
  • Quality improvement of in-house developments
  • Time and cost savings through early detection
  • Performance enhancement of SAP systems
  • Compliance with legal requirements and industry standards

For more information please visit our CodeProfiler for HANA page.
