SAP Secure ABAP Code


Projekte für sicheren kundeneigenen ABAP-Code


To analyze the large number of customer-specific programs and, above all, to improve them sustainably after the analysis, is a project that runs over a longer period of time. Such a project has to be accompanied and coached again and again, but above all, it must be kept in the minds of the participants and the development infrastructure through continuous training as well as control of the developers

SAP Code Vulnerability Analysis

The need to internally check all in-house developments for such vulnerabilities before they are delivered to SAP's own code has led to the development of the SAP Code Vulnerabilty Analysis tool. Here we are partner of SAP in the implementation projects

Virtual Forge Code Prodiler

Our partner company Virtual Forge also has a corresponding product on the market, which has been used by customers for many years .

SAP Secure Code für kundeneigene ABAP-Entwicklungen

Securing customer-specific SAP ABAP developments

An important area of ​​SAP security that only became current in recent years is the analysis of customer-specific SAP programs, which are classically written in the proprietary SAP language ABAP. Again, as in any programming language, classic vulnerabilities can be programmed - be it consciously or unconsciously.

Detecting Dangerous Patterns in Source Code

However, the patterns themselves are significantly different than in a Java stack or a Windows program. The aim of these conventional programs is usually to bring the program either by targeted wrong entries to crash the program (Buffer Overflow) or artificially own code to execute (Code Injection). There are tools with which the customer-specific programs can be analyzed in a mass procedure. The results and findings will then have to be translated into a "Get Clean" project and then into a "Stay Clean" project.

Secure Code - Fast and Agile Projects log (2) has done many projects in the field of SAP Code Security. Motivation was to establish a safety analysis of the contaminated sites, but also a control of externally developed applications or offshore and nearshore developments at all companies. Projects were performed using both the SAP Code Vulnerability Analysis tool and Virtual Forge's Code Profiler. Both companies are consulting partners for the corresponding products

Such a project usually has a long running time (usually one year), but requires only a small amount of consulting work and can also be carried out excellently by spot consulting and remotely. This significantly reduces the cost of such a project.

Benefit from many years of expertise in this area and contact us.