For years, companies have been using an ever-greater proportion of custom applications and third-party add-ons for SAP systems. But how secure are they?
In such cases, using suitable tools to check these applications for security flaws and risks is highly recommended. And the best part? Your SAP NetWeaver license already includes SAP Code Inspector and ABAP Test Cockpit - two tools that constitute fundamental components of high-quality software development.
Our experts will help you combine them with the over 40 additional code-checking rules SAST SUITE provides, thus establishing a complete and sophisticated rule package that will reveal the security vulnerabilities in your systems. In addition, the clearly prioritized recommendations we offer will serve as an ideal basis for gradually addressing any critical findings.
At a glance
- Initial workshop (situational assessment, guidelines, process)
- Introduction and activation of SAST's additional checking rules (around 40 checks defined in terms of their target content)
- Findings prioritized by severity (notifications, warnings requiring expert review, highly critical flaws)
- SAP Code Vulnerability Analyzer (CVA) not required; the SAST Suite package includes all relevant checking rules
- Optional: Developer workshops on achieving long-term improvements in code security
- Optional: Integration of SAP ABAP Test Cockpit (ATC) into your development processes
How our source code analysis can assist you
- Reliable quality assurance for the software and add-ons you develop in-house
- Final report with prioritized vulnerabilities and specific recommendations
- Options to adapt check variants, make custom additions to your rule set, and define exception days to reduce erroneous findings
- Source code remains in your SAP system
- No licensing costs for SAP Code Inspector (included out-of-the-box)
- No flat fee for maintaining SAST's additional checking rules
Analyzing the source code of the in-house developments and add-ons you use is a crucial first step toward enhancing not only your software, but your IT security and compliance, as well.
As a second step, we recommend scheduling a specialized workshop with our security experts to achieve long-term improvements in your development processes.
This approach will give your developers the option to run ongoing checks on their code and receive tailored reports that provide full transparency into their current security status.