Business Need to Secure SAP Applications
As you know, SAP is a business-critical application that is used by many global companies for management of their business processes. Worldwide, SAP collaborates with numerous partners who have added their own customized ABAP code to their SAP base installations. While this approach helps organizations to tailor SAP applications to their specific needs, it can also increase the risk of introducing vulnerabilities and security holes into their SAP application base. As SAP is usually utilized in critical functions of most businesses, the need for security is very high. Companies need to take extra steps to ensure that the code they are deploying to production is as secure as possible.
To understand the real-life financial impacts that insecure code can have on your organization, read our recent blog, which spotlights key financial findings from Ponemon Institute’s “Application Security in the DevOps Environment” study.
Protect SAP ABAP Code with AppScan SAST
This is where SAP and HCL AppScan’s SAST capabilities come together. AppScan can help you to scan custom ABAP code with the introduction of SAST for ABAP.
And, you may not be aware that HCL is one of the strongest SAP practices in the world. HCL has its own SAP Center of Excellence (CoE) where very bright and experienced SAP practitioners can be found. The Center of Excellence, also known as Digilabs, has been focused on integrating HCLSoftware’s offerings with the SAP environment. HCL solutions like AppScan, HCL Launch, HCL Accelerate and others are being enhanced to add value to SAP’s DevSecOps Space.
AppScan: Now Supporting SAP/ABAP
By leveraging HCL SAP’s CoE specialists with AppScan’s SAST know-how, we are proud to announce HCL AppScan’s support for SAP/ABAP.
Yes, you read that right! AppScan’s SAST supports scanning of ABAP ECC versions 6 and above. Appscan is capable of scanning backend ABAP code, giving you the edge to scan your business-critical applications. AppScan performs static analysis of the ABAP source code and uncovers vulnerabilities in the code such as XSS, SQL Injection, Potential Unauthorized Access to Directories and Files (Directory Traversal), Manipulation in Dynamic Calls (Call Injections), Insufficient Authorization Checks or User Administration Bypassed, just to name a few.
What sets AppScan apart from the rest is our capability to add knowledge about the application portfolio under a single pane of glass. Whether you’re looking at SAP applications or applications that are developed with other enterprise frameworks based on Java, .Net, Node, PHP (and any of our other supported languages), AppScan can now provide you with a single solution to cover all of your needs. Additionally, AppScan can leverage its leading Dynamic Application Security Testing (DAST) capabilities to test applications where the source code is unavailable, for extra assurance.
When it comes to working with developers, the advantage with AppScan’s SAST scanning of ABAP (as with any other languages that are being scanned by AppScan) is our usage of fix groups and detailed security reports, which can help your your developers to easily tackle problems on their own.
To Learn More
To learn more about AppScan’s SAP ABAP testing capabilities, request a demo now or start your 30-day free trial of our Application Security Testing solution right away. We will be updating this blog as new materials become available, so please keep posted.