Code Vulnerability Analysis

SAP Code Security
Detect And React
to new Code Vulnerabilities.

SAP Code Security
May be Your Weakest Point.

Reveal vulnerabilities lurking in your SAP ABAP codebase.

As of 2010, SAP, the leading ERP manufacturer, started to put real focus on the security of its own code. Every “SAP Patch Day” includes important security notes and patches, most of which are classified as “Program Error”. However, this only addresses the standard codebase! Custom development also poses a risk to the security of your systems. SecurityBridge Code Scanner helps conduct code vulnerability analysis and avoid vulnerabilities before their implementation in production. Implement effortless methodologies in your software development lifecycle to increase the security posture of your SAP environment.

The Code Scanner is fully integrated into SecurityBridge, supporting both static code analysis and dynamic scans at code compilation (e.g. importing transports).

A direct integration into the development process in the ABAP Development Workbench and Eclipse Tools for ABAP makes the SecurityBridge Code Scanner a constant companion for your developers. Scans can be conducted effortlessly and as part of the coding activity. SecurityBridge is a fully integrated SAP security platform. This is why the discovered vulnerabilities will be visible to the other Security Applications. A real 360° view can be established, showing which vulnerability has been exploited. After all, one must react quickly once a security vulnerability has been discovered. The SecurityBridge platform raises an alert in real time as soon as such an incident is detected. Our security experts are constantly providing new detection patterns to keep the solution up to date and enable the discovery of new vulnerabilities. Unique for SAP add-ons is the approach that our customers can update all detection signatures with a button-click.

Scan thousands of lines of ABAP

Save time with SecurityBridge Code Scanner

Understand The Risk

Each system has an individual security risk. Code Scanner helps you understand and mitigate the risk hidden in custom code.

Automatic vs. Manual

Detect an exploit via the Intrusion Detection System, find and close the vulnerability via the Code Scanner.

Scan individual areas

Scan your entire customer codebase, or target certain areas. It integrates perfectly into your established development workflow.

Simple and Fast - Performance is key

Hundreds of Objects, Thousands of Lines - Code Vulnerability Analysis in Just a Few Seconds.

We applied the same software design targets that we set for our entire platform. Software must be lean, reliable, fast and easy to adopt. Customers should not have to read the manual! Performance of the Code Scanner was also a top priority. SecurityBridge ploughs through thousands of lines of code in no time. It continuously guards as a silent watchdog, ensuring code security is no longer optional or avoidable. Request a demo or run an on-premise test yourself. Assess your code security level now.

SecurityBridge code vulnerability scanner

Let the scanner help you to identify vulnerable or malicious coding lines. Highlight non-mitigated SQL, OpenSQL and ADBC injection vulnerabilities. Find missing authorization checks in remote-enabled function modules (RFC). Shield the system from backdoors being installed. The SecurityBridge Code Scanner will highlight direct table manipulations, directory traversal vulnerabilities and many other risks lurking in your code.

Not convinced of the need?
A simple backdoor example.

Identified in real life.

if sy-uname <> 'x84bcrl'.

   authority-check object 'z_payroll'
     id 'salary_slip' field 'value'.
   if sy-subrc <> 0.
     raise authorization_error.
   endif.

endif.

Briefly explained

The attacker, a developer with legitimate rights on the system, wrote a discriminating authorization check. Using an IF-clause, he could avoid the authorization check being executed for a specific user-ID. Possibly, this was done during the development and testing phase; potentially this can now be exploited in production to manipulate salary slips. An ordinary line of code may have a significant impact on your Human Resources department.
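
One way to detect this pattern statically, as an added example (it is not SecurityBridge's scanner and not code from this page): the Python code below flags every AUTHORITY-CHECK nested inside an IF or ELSEIF block that compares SY-UNAME with a hard-coded literal, which also covers the variant where the check sits in the ELSE branch. The function names and the statement splitter (it assumes each statement ends at a line end and that no literal ends a line with a period) are assumptions of the example.

```python
import re

# Constructed input: the page's backdoor snippet, then an unconditional check.
SAMPLE = """\
if sy-uname <> 'x84bcrl'.
   authority-check object 'z_payroll'
     id 'salary_slip' field 'value'.
   if sy-subrc <> 0.
     raise authorization_error.
   endif.
endif.
authority-check object 'z_payroll'
  id 'salary_slip' field 'value'.
"""

# SY-UNAME compared with a hard-coded literal, in either operand order.
OPS = r"\s*(?:<>|=|\bne\b|\beq\b)\s*"
USER_LITERAL = re.compile(
    rf"\bsy-uname{OPS}'([^']*)'|'([^']*)'{OPS}sy-uname\b", re.I)

def statements(source):
    """Yield (first_line, text) per statement; assumes statements end at a line end."""
    buf, start = [], 0
    for no, line in enumerate(source.splitlines(), 1):
        text = line.split('"', 1)[0].strip()      # drop inline comments
        if not text or line.startswith("*"):      # blank or full-line comment
            continue
        start = start if buf else no
        buf.append(text)
        if text.endswith("."):
            yield start, " ".join(buf)[:-1]
            buf = []

def find_user_conditional_checks(source):
    """Flag AUTHORITY-CHECK statements nested in an IF that tests a literal user."""
    stack, findings = [], []                      # one entry per open IF block
    for no, stmt in statements(source):
        keyword = (stmt.split() or [""])[0].lower()
        m = USER_LITERAL.search(stmt)
        guard = (m.group(1) or m.group(2), no) if m else None
        if keyword == "if":
            stack.append(guard)
        elif keyword == "elseif" and stack:
            stack[-1] = stack[-1] or guard        # a later branch may add the test
        elif keyword == "endif" and stack:
            stack.pop()
        elif keyword == "authority-check":
            findings += [{"line": no, "user": g[0], "if_line": g[1]} for g in stack if g]
    return findings
```

Each finding gives the line of the guarded AUTHORITY-CHECK, the hard-coded user ID, and the line of the IF that tests it, which is what a reviewer needs to confirm and remove the condition.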

Solution Brief - Code Vulnerability Analyzer

In a nutshell

Looking for a condensed document explaining all the information about SecurityBridge’s Code Vulnerability Analyzer solution? We’ve got you covered. The Solution Brief combines all the relevant information you need to know about the built-in Code Vulnerability Analyzer solution of SecurityBridge for SAP.

Other resources

We got you covered

Code Vulnerability Analysis is a core component of the SecurityBridge
Platform and enables organizations to identify and eliminate malicious
or vulnerable coding that exists in a production environment.
Preventative and proactive products are not only available, but they are
also highly effective in protecting sensitive data within SAP systems.

Relevant articles

Code Security is no longer optional

SecurityBridge complements tools and processes already in place for your software development lifecycle management. Code security should never be optional. Protect against ABAP code injection, foreign transports, temporary program creations, and more with SecurityBridge’s code scanner providing constant monitoring.