Maximum protection on all levels, thanks to SAST SUITE.

If your SAP system isn't properly protected on all levels, you're at risk of becoming an easy target. Losing data due to various forms of sabotage can have negative consequences for your company: Your reputation may be irreparably harmed and you may have to pay restitution for damages - or even give up your business, to offer just three examples.

Manufacturers, online security portals, and SAP itself offer regular updates on the latest security flaws. All the more reason to put your infrastructure, databases, and custom ABAP developments under the microscope and analyze all your system interfaces with our SAST SUITE.

This will help you minimize security vulnerabilities and protect your SAP systems from attacks. 

SAST SYSTEM SECURITY VALIDATION

Vulnerability scans to secure your system configuration.

With this SAST SUITE module, you'll get a comprehensive overview of how secure your SAP ERP and S/4HANA infrastructure is right now - and it's all automated in real time!

This is how we enable you to continually analyze and optimize every level of your landscape to address vulnerabilities - including in your operating systems, databases, network configurations - while factoring in critical OSS Notes. It even examines your custom ABAP source code with a a simple string pattern match to identify and eliminate potential flaws.

How SAST SUITE can assist you

  • Comprehensive transparency across system boundaries
  • Accounts for DSAG's auditing guidelines, recommendations from BSI, and SAP's security guidelines
  • More than 4,000 automated checks and security notes that are constantly updated
  • Automated policy-based auditing of security-relevant parameters and settings
  • Analyzes all underlying platforms, from SAP ERP to SAP Mobile Platform (running on the latest release of SAP NetWeaver)
  • Offers dashboard-based security reporting that includes clear recommended actions for eliminating your landscape's vulnerabilities

Are you interested in a full assessment of the critical vulnerabilities in your ABAB code? Then the "SAST Code Management" is just right for you.

SAST INTERFACE MANAGEMENT
SAST SUITE: SAP Vulnerability Assessment

To provide your SAP system with holistic protection, remember to secure your interfaces.

In the process of safeguarding IT systems, interfaces are often neglected, making them a prime target for hackers.

Our experiences in security audits consistently show that insecure SAP connections lay hidden in nearly every system. Should a cyberattack occur, this will give the perpetrators direct access to your SAP systems.

Our SAST Interface Management will enable you to detect and address security holes like these.

How SAST SUITE can assist you

  • Cross-system assessments for SAP ERP and S/4HANA environments
  • Analysis of incoming and outgoing RFC, http, and database connections, along with trust relationships and system traces
  • Generates suitable RFC roles at the click of a mouse
  • Reliable interface scanner
  • Detailed reports in graphical and tabular form, enriched with information on risk classification
  • Central point of control
SAST CODE VULNERABILITY ANALYSIS
SAST SUITE: SAP source code security

Close security gaps in your ABAP code reliably.

You'll only achieve a fundamental level of SAP security if you take a truly head-to-toe approach. That also includes your ABAP code.

The continuous testing of custom developments is as important as the analysis of 3rd party add-ons. But many companies are hesitating. Partly, because of the unmanageable number of identified security gaps or because of being dissatisfied with the results.

So how can identified weaknesses in the coding be efficiently corrected? The Code Vulnerability Analyses of the SAST SUITE provides you with an optimal combination of tool-supported testing of your ABAP programs and an efficient code cleansing, supported by our SAP Security Consultants.

The SAST SUITE identifies security gaps by using standard SAP tools - enhanced by proprietary security rules. This not only allows you to periodically check all applications, but also to enhance your entire code quality by integrating them into your development process.

After the Analysis, our SAP security consultants will show you, solution strategies for closing your security risks, for example by efficiently eliminating weaknesses based on usage statistics. What's best, our soft cleansing approach allows to fix security vulnerabilities without restricting your productive operations.

This procedure has been accepted by auditors also as a targeted measure in dealing with code scan results.

How SAST SUITE can assist you

  • Effective detection of security and compliance issues
  • Saving resources thanks to automated code checking
  • Fixing of vulnerabilities independent of the previously used code analysis tool
  • Unique context analysis allows you to focus on the relevant problems
  • No disruptions to your operative business
  • The source code does not leave your company at any time
  • Know-how transfer for more secure ABAP programming in your company to avoid security gaps in a long-term

One of many satisfied customers:

"The SAST SUITE has given us the perfect solution for our global SAP systems and providing us with permanent vulnerability monitoring. Thanks to the highly competent and motivated support provided by the SAST team, we completed the project on time, in budget and at the specified level of quality."

Success Story "SAP system security for 50 countries"

SAST SOLUTIONS Reference: Logo Takeda
— Manfred Meier
Takeda AG

Modular design. Individual possibilities.

SAST SUITE for ERP or S/4HANA

Privacy settings

Click »Info« to see a list of the used cookies. You can give your consent to the required cookies or statistic cookies. The selection is optional. You can change these settings or delete the cookies in the browser at any time. If you select the »Statistics« option, your opt-in consent also extends to processing in the USA, which is considered by the European Court of Justice as a country with an insufficient level of data protection. Please find further information in our privacy statement.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group statistics
Name Leadfeeder
Technical name _lfa
Provider Leadfeeder
Expire in days 730
Privacy policy https://www.leadfeeder.com/privacy/
Use Cookie von Leadfeeder für Website-Analysen. Erzeugt anonyme statistische Daten darüber, wie der Besucher die Website nutzt.
Allowed
Group external media
Name YEXT -Search
Technical name yext
Provider Yext GmbH
Expire in days 0
Privacy policy https://www.yext.de/privacy-policy/
Use Enables intelligent search via YEXT.
Allowed
Name Google Repcatcha
Technical name googleRepcatcha
Provider Google LLC
Expire in days 0
Privacy policy https://policies.google.com/privacy
Use Protect from spam.
Allowed
Name Google Maps
Technical name googleMaps
Provider
Expire in days 6491
Privacy policy
Use Enables the use of Google Maps.
Allowed
Name ClickDimensions
Technical name cuvid,cusid,cuvon,cd_optout_accountkey
Provider ClickDimensions
Expire in days 730
Privacy policy https://clickdimensions.com/solutions-security-and-privacy/
Use Cookie from ClickDimensions for website analysis. Generates anonymous statistical information about how the visitor uses the site.
Allowed
Name YouTube
Technical name youTube
Provider
Expire in days 0
Privacy policy
Use Enables the use of the Youtube video player.
Allowed
Name Google Analytics
Technical name _gid,_ga,1P_JAR,ANID,NID,CONSENT,_ga_JT5V6CR8ZH,_gat_gtag_UA_133169400_1,_gat_gtag_UA_141664271_1,_gat_gtag_UA_127185455_1,_gat_gtag_UA_127561508_1,_gat_gtag_UA_194226577_1
Provider Google LLC
Expire in days 730
Privacy policy https://policies.google.com/privacy
Use Cookie by Google for website analysis. Generates anonymous statistical data about how the visitor uses the website.
Allowed
Group essential
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name Contao HTTPS CSRF Token
Technical name csrf_https-contao_csrf_token
Provider
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name PHP SESSION ID
Technical name PHPSESSID
Provider
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Name FE USER AUTH
Technical name FE_USER_AUTH
Provider
Expire in days 0
Privacy policy
Use Saves information of a visitor as soon as he logs in to the frontend.
Allowed
Copyright Pathlock Deutschland GmbH. All Rights Reserved.