May be Your Weakest Point.
Reveal vulnerabilities living in your code base.
As of 2010, the leading ERP manufacturer started to put real focus on securing its own codebase. Every “SAP Patchday” includes important security notes and patches, most of which are classified as “Program Error”. However, this only addresses the standard codebase! Custom development also poses a risk to the security of your systems. SecurityBridge helps detect code vulnerabilities before they are implemented in production. Implement effortless methodologies in your software development lifecycle to increase the security posture of your SAP environment.
Scan thousands of lines of ABAP
Save time with SecurityBridge Code Scanner
Understand The Risk
Each system has an individual security risk. Code Scanner helps you understand and mitigate the risk hidden in custom code.
Automatic vs. Manual
Detect an exploit via the Intrusion Detection System, find and close the vulnerability via the Code Scanner.
Scan individual areas
Scan your entire customer codebase, or target certain areas. It integrates perfectly in your established development workflow.
Simple and Fast
Performance is key
Hundreds of Objects, Thousands of Lines - Just a Few Seconds.
We applied the same software design targets that we set for all of our SAP add-ons. Software must be lean, reliable, fast and easy to adopt. Customers should not have to read the manual! Performance of the Code Scanner was also a top priority. SecurityBridge ploughs through thousands of lines of code in no time. It continuously guards as a silent watchdog, ensuring code security is no longer optional or avoidable. Request a demo or run an on-premise test yourself. Assess your code security level now.
Let the scanner help you to identify vulnerable or malicious coding lines. Highlight non-mitigated SQL, OpenSQL and ADBC injection vulnerabilities. Find missing authorisation checks in remote-enabled function modules (RFC). Shield the system from backdoors being installed! The SB Code Scanner will highlight direct table manipulations, directory traversal vulnerabilities and many other dangers out there in your coding forest.
Not convinced of the need?
A simple backdoor example.
Identified in real life.
if sy-uname <> 'x84bcrl'.
  " the check below runs for every user except x84bcrl
  authority-check object 'z_payroll'
    id 'salary_slip' field 'value'.
  if sy-subrc <> 0.
    " caller is not authorized
  endif.
endif.
The attacker, a developer with legitimate rights on the system, wrote a discriminating authorization check. Using an IF-clause, he could avoid the authorization check being executed for a specific user-ID. Possibly, this was done during the development and testing phase; potentially this can now be exploited in production to manipulate salary slips. An ordinary line of code may have a significant impact on your Human Resources department.
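The pattern described above can be found mechanically in code review. The following is an added example, not SecurityBridge code and not how the SB Code Scanner works: a small Python check that flags any AUTHORITY-CHECK nested inside an IF that compares SY-UNAME with a hard-coded literal. The function names and the sample (the page's four lines, closed with ENDIFs) are constructed for illustration.

```python
import re

# SY-UNAME compared with a hard-coded literal, in either operand order.
OPS = r"(?:<>|=|eq|ne)"
USER_COND = re.compile(
    rf"sy-uname\s+{OPS}\s+'([^']*)'|'([^']*)'\s+{OPS}\s+sy-uname", re.I)

def statements(source):
    """Yield (line_no, text) for each period-terminated ABAP statement."""
    # Blank out comments: '*' in column 1, or everything after a double quote
    # (assumption: no double quote occurs inside a character literal).
    lines = ["" if l.startswith("*") else l.split('"')[0]
             for l in source.splitlines()]
    text = "\n".join(lines)
    # A statement ends at the first period that is not inside a '...' literal.
    for m in re.finditer(r"(?:'[^']*'|[^.'])+\.", text):
        raw = m.group()
        first_char = m.start() + len(raw) - len(raw.lstrip())
        yield text.count("\n", 0, first_char) + 1, " ".join(raw.split())

def find_user_gated_checks(source):
    """Report AUTHORITY-CHECK statements nested in an IF that tests SY-UNAME."""
    findings, open_ifs = [], []   # open_ifs: (if_line, user literal or None)
    for line_no, stmt in statements(source):
        keyword = stmt.split()[0].rstrip(".").lower()
        if keyword == "if":
            m = USER_COND.search(stmt)
            user = next(g for g in m.groups() if g is not None) if m else None
            open_ifs.append((line_no, user))
        elif keyword == "endif" and open_ifs:
            open_ifs.pop()
        elif keyword == "authority-check":
            findings += [{"if_line": if_line, "user": user, "check_line": line_no}
                         for if_line, user in open_ifs if user is not None]
    return findings

# Constructed sample: the page's four lines, closed with ENDIFs so it parses.
SAMPLE = """\
if sy-uname <> 'x84bcrl'.
  authority-check object 'z_payroll'
    id 'salary_slip' field 'value'.
  if sy-subrc <> 0.
  endif.
endif.
"""

if __name__ == "__main__":
    for f in find_user_gated_checks(SAMPLE):
        print(f"line {f['check_line']}: AUTHORITY-CHECK depends on SY-UNAME "
              f"literal '{f['user']}' (IF at line {f['if_line']})")
```

A finding here is a review prompt rather than proof of intent: the same construct also appears in leftover test scaffolding, which is the origin the text above suggests.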