SAP Code Security Scan as a Service

Why you need Sap Code Scan?

Interest in SAP security is growing exponentially, and numerous attacks play a significant role in driving this interest. Take, for example, the recent breaches revealed in the SAP system of USIS, a government contractor. Most leading analyst firms, such as Gartner and IDC, agree that traditional solutions cannot help when it comes to securing ERP systems, which so often become targets of attacks. SAP systems and business applications store the most critical corporate data that is threatened by espionage, sabotage or fraud.

SAP is more of a framework, where at least 50% of code is customized by a client. Unfortunately, because of the extreme complexity and the high level of customization, SAP is vulnerable to many attacks. What is more important, sometimes developers intentionally create backdoors, which can be used to steal money from the company or to perform other fraudulent actions. Given the complexity of ABAP and JAVA components, it is very likely that developers may have just overlooked the vulnerabilities.

Another fact to consider is that it is almost impossible to automate the processes related to source code security.

We offer you the SAAS Solution that will not only find issues, but also analyze risks, correlate data, conduct checks for false positives, and provide you with patches and attack signatures. There is no need to run complex tools anymore.

Current limitations of ABAP security scanning:

  • Configuration and management is highly time-consuming;
  • Solutions are not CISO-friendly;
  • Scanning results are full of false positives;
  • Remediation steps are not detailed.

Our solution overcomes these limitations. Moreover, it has features that make source code scanning more flexible than ever before. For example, whenever a vulnerability is found, we can create a signature, which can be exported to IDS/IPS solutions of our partner vendors, such as CISCO and CheckPoint. After the signature is uploaded, you will be secured from potential attacks without changing even a single line of code. This feature is called Virtual Patching.

How can we help with SAP Code Security by SAP Code Scan and remediation?

There are several options for scanning SAP code that are designed to suit your needs:

Option 1. ERPScan CheckCode SAAS Standard

What do you do?

  • Download your SAP system’s source code;
  • Upload it to our cloud platform hosted in the US or the EU.

What do we do?

  • Send the ABAP security scanning results back to you with a PDF attached, covering all the additional details.

Option 2. ERPScan CheckCode SAAS Enterprise

What do you do?

  • Download your SAP system’s source code and send it to us

What do we do?

  • Upload your SAP source code to our cloud platform;
  • Perform ABAP code review;
  • Analyze results, clean false positives, adjust risks.

What do you get?

  • Access to our cloud platform to view the results;
  • All the results in the form of a PDF report;
  • A 2-hour presentation on the results and a Q&A session.

Option 3. ERPScan CheckCode SAAS Ultimate

What do you do?

  • Download your SAP system’s source code and send it to us;
  • Upload the source code to our cloud platform.

What do we do?

  • Review ABAP code;
  • Take care of the analysis results, clean false positives, adjust risks;
  • Write patches for your code.

What do you get?

  • Access to our cloud platform to view the results;
  • PDF report with the scanning results;
  • Corrections for identified vulnerabilities;
  • List of vulnerability signatures to be uploaded into IDS/WAF;
  • A 2-hour presentation on the results and a Q&A session.

What do you get after SAP custom Code Security Scan?

You can get the scanning results in different forms depending on the selected option.

  • Access to our platform for remediation.
  • PDF report with detailed findings and remediation steps.
  • PPTX presentation with highlights.
  • ThreadFix-compatible XML report, which you can upload into ThreadFix – vulnerability management solution from DenimGroup.

Customers

Certification

Awards

Cybersecurity Excellence Awards
“The ERPScan Security Monitoring Suite implements a unique product design by externally and passively monitoring SAP systems as well as entire landscapes, covering all relevant security aspects (including Segregation of Duties but going far beyond that) of SAP systems from a single security monitoring platform.” Matthias Reinwarth, KuppingerCole

Interested? Request demo now

Contact us today.

Select your country:

Subscribe me your to mailing list