Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

Tweet

SAP Code Security
as a Service

Meet SAAS sap custom code management from ERPScan -
Real SAP Code inspector alternative

NO MORE COMPLEX SAST TOOLS

Why do you need sap code scan?

Interest in SAP security is growing exponentially and the numerous attacks play a significant role in driving this interest. Take, for example, recent breaches revealed in SAP system of a government contractor USIS. Most leading analyst firms such as Gartner and IDC agree that traditional solutions can’t help when it comes to securing ERP systems that so often become targets for attacks. SAP systems and business-critical applications store the most critical corporate data that can at some point be used for espionage, sabotage or fraud purposes.

SAP is more like a framework where at least 50% of code is customized by client. Unfortunately, because of extreme complexity and the high level of customization SAP is vulnerable to many attacks. What's more important, sometimes developers intentionally create backdoors, and those backdoors can be used to steal money from the company or perform other fraudulent actions. Given the complexity of ABAP and JAVA component it’s very likely that developers may have just overlooked vulnerabilities.

Another fact to consider is that it’s almost impossible to automate the processes related to source code security.

We offer you a SAAS Solution which will not only find issues but analyze risks, correlate data, conduct checks for false-positives, provide you with patches and attack signatures. There’s no need to run complex tools anymore.

Current limitations of ABAP security scanning:

  • Configuration and managing is highly time-consuming;
  • Solutions are not CISO-friendly;
  • Scanning results are full of false-positives;
  • Remediation steps are not detailed.

Our solutions don’t have all those limitations. On the contrary, apart from the fact that we managed to overcome limitations, there are some features that make source code scanning more flexible than ever before. For example, whenever a vulnerability is found we can create a signature which will be exportable to IDS/IPS solutions of our partnering vendors such as CISCO and CheckPoint. After this signature is uploaded you’ll be secured from potential attacks even without changing a single line of code. It’s called Virtual Patching.

How can we help with SAP Code Security by sap code scan and remediation?

There are several options for scanning SAP code, designed to suite your needs:

Option 1. ERPScan CheckCode SAAS Standart

What you do?

  • Download your SAP system’s source code;
  • Upload it into our cloud platform hosted in US or EU.

What we do?

  • Send you back ABAP security scanning results with a pdf attached where all the additional details are covered.

Option 2. ERPScan CheckCode SAAS Enterprise

What you do?

  • Download your SAP system’s source code and send it to us.

What we do?

  • Upload your SAP source code into our cloud platform;
  • Perform ABAP code review;
  • Analyze results, clean false-positives, adjust risks.

What you get?

  • Access to our cloud platform to view results;
  • All the results in the form of a pdf report;
  • 2-hour long presentation that covers results and and a Q&A session.

Option 3. ERPScan CheckCode SAAS Ultimate

What you do?

  • Download your SAP system’s source code and send it to us;
  • Upload the source code into our cloud platform.

What we do?

  • Review ABAP code;
  • Take care of results analysis, clean false-positives, adjust risks;
  • Write patches for your code.

What you get?

  • Access to our cloud platform to view results;
  • Pdf report with the results of scanning;
  • Corrections for identified vulnerabilities;
  • List of vulnerability signatures to be uploaded into IDS/WAF;
  • 2-hour presentation on the results and a Q&A session.

What you get after SAP custom code security scan?

You can get scan results in different forms depending on selected option.

  • Access to our Platform for remediation.
  • PDF report with detailed findings and remediation steps.
  • PPTX presentation with highlights.
  • ThreadFix -compatible XML report which you can upload into. ThreadFix – vulnerability management solution from DenimGroup.

Testimonials:

"We would like to thank the world-class security experts of ERPScan for the highly qualified job performed to help us assess the security of our pre-release products."

- Senior Director, Product Security, Technology and Innovation Platform SAP Labs, Palo Alto, USA.

"We're thrilled to recognize next-generation innovation in the information security marketplace and that's why ERPScan has earned this award from Cyber Defense Magazine. Some of the best INFOSEC defenses come from these kinds of forward thinking players who think outside of the box."

- Pierluigi Paganini, Editor-in-Chief, Cyber Defense Magazine.

Interested? Request demo now

A partner account manager can help. Contact us today.

Do you want to get latest news by e-mail?
 Yes No

Want to buy?

After filling out the below information, you will be given a letter with instruction.

Which option do you prefer?

Do you want to get latest news by e-mail?
 Yes No