SAP Code Security
May be Your Weakest Point.
Reveal vulnerabilities lurking in your SAP ABAP codebase.
As of 2010, SAP, the leading ERP manufacturer started to put real focus on securing its own SAP code security. Every “SAP Patch Day” includes important security notes and patches, most of which are classified as “Program Error”. However, this only addresses the standard codebase! Custom development also poses a risk security of your systems. SecurityBridge Code Scanner helps conduct code vulnerability analysis and avoid vulnerabilities before their implementation in production. Implement effortless methodologies in your software development lifecycle to increase the security posture of your SAP environment.
The Code Scanner is fully integrated into SecurityBridge, supporting both static code analysis and dynamic scans at code compilation (e.g. importing transports).
A direct integration into the development process in the ABAP Development Workbench and Eclipse Tools for ABAP makes the SecurityBridge Code Scanner a constant companion for your developers. Scans can be conducted effortless and as part of the coding activity. SecurityBridge is a fully integrated SAP security platform. This is why the discovered vulnerabilities will be visible to the other Security Applications. A real 360° view can be established – showing which vulnerability has been exploited. After all one must react quickly once a security vulnerability was discovered. The SecurityBridge platform raises an alert in real-time as soon as such an incident is detected. Our security experts are constantly providing new detection patterns to keep the solution up-to-date and enable the discovery of new vulnerabilities. Unique for SAP add-ons is the approach that our customers can update all detection signatures with a button-click.
Scan thousands of lines of ABAP
Save time with SecurityBridge Code Scanner
Understand The Risk
Each system has an individual security risk. Code Scanner helps you understand and mitigate the risk hidden in custom code.
Automatic vs. Manual
Detect an exploit via the Intrusion Detection System, find and close the vulnerability via the Code Scanner.
Scan individual areas
Scan your entire customer codebase, or target certain areas. It integrates perfectly in your established development workflow.
Simple and Fast - Performance is key
Hundreds of Objects, Thousands of Lines - Code Vulnerability Analysis in Just a Few Seconds.
We applied the same software design targets that we set for all of our platform. Software must be lean, reliable, fast and easy to adopt. Customers should not have to read the manual! Performance of the Code Scanner was also a top priority. SecurityBridge ploughs through thousands of lines of code in no time. It continuously guards as a silent watchdog, ensuring code security is no longer optional or avoidable. Request a demo or run an on-premise test yourself. Assess your code security level now.
Let the scanner help you to identify vulnerable or malicious coding lines. Highlight non-mitigated SQL-, OpenSQL- and ADBC injections vulnerabilities. Find missing authorization checks in remote enabled function modules (RFC). Shield the system from backdoors being installed. The SecurityBridge Code Scanner will highlight direct table manipulations, directory traversal vulnerabilities and many other risks lurking in your code.
Not convinced of the need?
A simple backdoor example.
Identified in real life.
if sy-uname <> 'x84bcrl'.
authority-check object 'z_payroll'
id 'salary_slip' field 'value'.
if sy-subrc <> 0.
The attacker, a developer with legitimate rights on the system, wrote a discriminating authorization check. Using an IF-clause, he could avoid the authorization check being executed for a specific user-ID. Possibly, this was done during the development and testing phase; potentially this can now be exploited in production to manipulate salary slips. An ordinary line of code may have a significant impact on your Human Resources department.