CodeProfiler increases security in the system landscape
CodeProfiler’s database contains patterns for security weaknesses such as:
- ABAP Command Injection
- Directory Traversal
- Cross-Site Scripting
- Missing AUTHORITY-CHECK
- Phishing
- SQL Injection
Besides reporting and prioritizing findings, CodeProfiler also helps to fix them: up to 70% of findings can be fixed automatically!
TMS/ChaRM Integration
The integration into the SAP Transport Management System (TMS) enables you to check transports with CodeProfiler automatically before the actual release, at task level, at transport level, or both. You can then release them or, if required, re-route them to a defined exception handling process.
The automated check before importing code into an existing system (development, consolidation, production) can be carried out in the same way as the check during the release phase. From a technology point of view, it makes no difference whether one or more SAP systems are connected. CodeProfiler supports the common transport and release mechanisms, such as Transport Management System (TMS), Change Request Management (ChaRM), Change and Transport System (CTS), as well as CTS plus.
Automated Fixing
CodeProfiler also offers fast, effective correction of findings with a single mouse click: built-in expert knowledge helps to select the right mitigation and the corrected algorithm, and the code is then corrected automatically. Up to 70% of security issues can be fixed by the Automated Correction Engine. This leads to significant cost savings through reduced effort in mitigation projects, and it even helps with last-minute issues so that projects stay on schedule and go live on time, and safely!
Continuous Improvement drives lower TCO for custom code
To determine whether the ABAP™ code in the development system is error-free, customers employ CodeProfiler early during the development stages. The earlier errors are detected, the cheaper it is to fix them. Next, customers use CodeProfiler in test systems to verify that their specifications have been met. It will ensure that the individual code module, in the context of the application, is secure. The development organization learns, thereby avoiding future errors and costs.
Evaluating quality of 3rd party services
Security specifications and testing with CodeProfiler should be part of the tender for outsourced development projects. This way, the quality of the deliverables becomes (partially) measurable, and customers can automatically verify that requirements are actually met. Customers can also employ CodeProfiler to perform benchmarking and compare the quality of several development projects.
Integration with other solutions
CodeProfiler can be integrated into SAP’s Transport Management System, triggering automatic workflows to resolve findings. For customers that use IBM AppScan to scan Java source code, there is an integration of CodeProfiler with IBM AppScan that provides a unified environment to work with the scan results.
CodeProfiler’s scan results can be forwarded to ArcSight ESM or another Security Information and Event Management (SIEM) solution using IT-CUBE’s agileSI, providing a 360° view of security in the SAP landscape, from security in the source code to secure systems configuration and log analysis!



