ERPScan introduces a new solution to protect customization of SAP business applications

Palo Alto, CA – July, 21 ERPScan, the most credible business application security provider, is excited to announce a new solution to protect SAP environments from customization issues.

The breaking news about US-CERT Alert on SAP vulnerability attracted a lot of attention to SAP Cybersecurity services. Now many companies are interested in improving their SAP Systems security and protecting them from cyberattacks. However, this initiative is not a simple task, as SAP Cybersecurity consists of multiple areas (Segregation of Duties, Application platform security, and security of Customizations including code security issues), and each of them is paramount. Our new solution is focused on the most underestimated area – security of customization.

SAP is not a type of software, which can be installed out of the box. It’s more like a framework, on top of which customers develop their own applications using different programming languages such as ABAP. Identification of vulnerabilities and backdoors in static code is prone to false positives, thus it requires time, man-hours, processors, and network to identify the issues and remediate them. Another and the most significant difficulty is developing of secure code. Companies spend months on protecting their systems from errors in the source code, which may lead to cyberattacks or fraud.

The new solution is a unique proposal, which combines the power of the ERPScan Security Monitoring Suite engine and experience of ERPScan Research and Threat Intelligence teams as well as new technologies developed by our experts. Our aim is to control the developing process from first to last, as a result customers will get a secure SAP System without taking any additional actions from their side.

ERPScan’s SAP Code Security SaaS allows any customer to upload a program code from their SAP Systems into ERPScan’s cloud platform. The customer will get not a list of identified issues but a solution consisting of corrected code parts, alternative remediation fragments, and even Virtual Patching for detected vulnerability, which can be then imported into IPS systems from Cisco, CheckPoint, Fortinet, or any other vendor.

The current solution can identify 130 types of issues in Custom code of ABAP-based applications and detect such issues as:

  • Software vulnerabilities such as Directory traversal or SQL Injections, which can be exploited by cybercriminals;
  • Backdoors, which developers can inject to conduct malicious actions, e.g. changing bank account numbers;
  • Access control violation, i.e. fragments of code where developers have missed to implement access check for particular critical functions;
  • Obsolete statements or statements, which were restricted to use by SAP. Such issues may affect operations during updates or migration.

This service is available from 21 th of July by the link.

About ERPScan

ERPScan is the most respected and credible Business Application Cyber Security provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial, Retail and other organizations to secure their mission-critical processes. Named as an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions.

ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions for CISO’s to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both, cyber-attacks as well as internal fraud. Usually our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP and Oracle landscapes on a global scale.

We ‘follow the sun’ and function in two hubs, located in the Palo Alto and Amsterdam to provide threat intelligence services, agile support and operate local offices and partner network spanning 20+ countries around the globe.