News Archive
June 10, 2010
Quality Assurance for ABAP Applications - Virtual Forge CodeProfiler licensed by SAP
Aiming to expand the quality assurance of SAP® software enhancements, SAP AG (NYSE: SAP) has now licensed CodeProfiler, the testing software from ABAP™ programming language security specialist Virtual Forge. This tool is the first solution on the market for static analysis of ABAP applications with a specific focus on security and compliance tests. CodeProfiler offers extensive quality assurance to SAP customers that have developed their own ABAP code. Even SAP's own development divisions employ this tool alongside other quality assurance tools. Based on data and control flow analysis, CodeProfiler delivers reliable test results within a short period of time. The tool analyzes up to 5.000 lines of source code per second. Thus, even extensive software applications can be tested at any time.

Read the full press release here.
December 14, 2009
CodeProfiler in the Press: it&t business
At SAP TechEd in Vienna, it&t business, an Austrian specialist journal for enterprise solutions, took notice of Virtual Forge's CodeProfiler; Virtual Forge member Karsten Günther spoke with one of the journalists. In its November issue, it&t business presents CodeProfiler as a special solution to secure SAP systems.

Read full article at it&t business (in German language)
August 31, 2009
Protection for SAP Applications: Virtual Forge and art of defence combine their security know-how
Today, art of defence, the leading distributed web application firewall (dWAF) provider, and Virtual Forge, the leader in SAP software security, announced they have partnered through product integration to end the need for security hot-patches on SAP systems. Companies that depend on SAP technology now have the ability to discover and shield any software security issues before they become problems without bringing the system off-line, avoiding unplanned down time. Patch development is saved for regularly scheduled cycles, increasing overall system productivity and improving the quality of patches.

Read full press release here
July 09, 2009
Students at FH Brandenburg certified according to ISSECO standard "Certified Professional for Secure Software Engineering"
In 2008, Virtual Forge together with other companies founded the new standard "ISSECO Certified Professional for Secure Software Engineering" to provide advanced skills in secure software engineering for developers. Programmers, testers, quality managers and project managers are trained on integrating security measures into the software development lifecycle.

At FH Brandenburg, students were certified according to the new standard for the first time. The students were taught by Prof. Dr. Sachar Paulus; he also offers ISSECO trainings in cooperation with Virtual Forge.

Read the complete iSQI press release here (in German language)
April 28, 2009
Software Security continues to be a must-have - even in the face of worldwide recession
Our friend and business partner Gary McGraw continues his insightful observations of the security market. It's good to see that the white-box approach based on code analysis is continuously perceived as the better approach. And we are happy that we are still on his radar.

Here's a collection of nice statements from Gary's article:

- "Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession."

- "In 2007, the white box code review companies’ combined revenue eclipsed the black box Web app testing tool vendors’ combined revenue. [...] this trend continues in 2008. I think this is a very healthy development, demonstrating that the market is becoming ever more interested in solving software security issues and not simply diagnosing them."

- "The European market continues slow growth on the services front, with small firms such as Minded Security (Italy), Virtual Forge (Germany), and Security Innovation (Amsterdam) providing advocacy for the space."

Read the complete article here
September 15, 2008
Virtual Forge and akquinet provide joint offering for secure SAP Applications
Through the new partnership between Virtual Forge and akquinet AG, customers will benefit from a complete security chain for SAP systems.

Both companies bundle their products CodeProfiler (Virtual Forge) and SAST (akquinet). That way, technical security, application security and risk management of SAP systems are covered completely. Whereas CodeProfiler automatically finds backdoors, missing authority checks and manipulation of databases in the ABAP code, SAST tests the technical configuration and customized authorizations for security risks. Together with our profound consulting, security leaks are detected quickly. This way, customers and employees can be extensively trained and coached in the mitigation of these risk factors.

Read full press release
March 04, 2008
Strategic Partnership between EUROSEC and Virtual Forge in the field of SAP Security
The leading business software security companies EUROSEC and Virtual Forge, both early members of the SAP Global Security Alliance, are now entering into a strategic partnership. While cooperating in customer projects, both companies realized the significant added value their combined expertise provides for customers.

"While we focus on analyzing the security of the SAP platform, SAP systems, and the security concepts in complex SAP landscapes, Virtual Forge analyzes the security of SAP-based applications on code level. In this process, insecure coding can be replaced by secure code. A combination of these two approaches offers our customers a complete picture of their security level, and enables them to make the right decisions", explains Stefan Fünfrocken, CEO of EUROSEC GmbH.

"We have identified a number of scenarios that open up completely new possibilities for our customers. The common denominator here is always the systematic identification of company risks, which we need to approach from different levels. Our customers now benefit from the fact that we can carry out complementary checks. While Virtual Forge tests the applications, EUROSEC focuses on things like the Going-Live Check or analyzes the system landscape that forms the context for the application. This way, our customers can achieve the best possible transparency regarding their security level and existing risks", say Andreas Wiegenstein and Dr. Markus Schumacher, CEOs of Virtual Forge.

The cooperation between Virtual Forge and EUROSEC becomes effective immediately. Please direct consulting requests to their respective sales departments in Heidelberg (Virtual Forge) and Kronberg (EUROSEC).
October 15, 2007
ObjectSecurity and Virtual Forge announce global SOA security partnership
Virtual Forge, the Business Application Security Company with focus on SAP and ObjectSecurity, the leading solutions provider and expert for model-driven enterprise security management, SOA security management, secure middleware, and secure information sharing in mission-critical industries today announced a new partnership. Virtual Forge of Heidelberg, Germany, and Object Security of Cambridge, UK announced their partnership to provide seamless processes, services and products for future SOA environments. While Virtual Forge provides security and assurance by means of establishing a quality system for secure applications, Object Security provides trust and control by implementing security policy management and enforcement solutions.

"VirtualForge’s knowledgeable team is a good partner to provide pervasive security solutions for SAP systems and other complex IT landscapes." said Ulrich Lang, CEO of Object Security, "We are looking forward to working together with Virtual Forge to solve the pressing security issues faced by most larger organizations today."

"ObjectSecurity will be a reliable partner to enforce the management of application security risks on a level that is needed for evolving SOA solutions." said Markus Schumacher, CEO of Virtual Forge, "We’re excited by our new relationship with ObjectSecurity and look forward to the improved support for our customers managing the risks of their business applications."

Virtual Forge and Object Security start their collaboration immediately in both the United States and Europe. Enquiries to each should be directed to their corporate offices.

You can read the complete press release here.
August 29, 2007
Virtual Forge CEO Dr. Markus Schumacher Contributes Article to DuD
Together with Dominik Witte of Virtual Forge partner SecurIntegration, Dr. Markus Schumacher has published an article called "Secure SOA - New and Known Challenges".
The authors describe the most pressing security-related issues in service-oriented architectures and present possible solutions. The article will be published in the 31st edition (2007) of the monthly IT security journal "DuD - Datenschutz und Datensicherheit".
You can read the article here.
August 29, 2007
Virtual Forge CEO Dr. Markus Schumacher Supports ISQI in Setting up a Software Security Program
Dr. Markus Schumacher was appointed to a new section of ISQI (International Software Quality Institute) dedicated to the certification of security experts.
ISQI provides comprehensive services around software quality, offering IT professionals such as testers or software architects the possibility to obtain certificates. Software security is the latest addition to ISQI’s certification program. Dr. Schumacher will play a major role in establishing the new program.
Learn more about ISQI on their homepage.
Further information on the new standard "Certified Professional for Secure Software Engineering" can be found in the ISQI press release.
May 14, 2007
Interview with Dr. Markus Schumacher
"All About Security", a German security Internet portal, has published an interview with Virtual Forge's CEO Dr. Markus Schumacher. Dr. Schumacher talks about the outstanding importance of efficient risk management due to continuously increasing legal requirements.

Read the complete interview at www.all-about-security.de.
March 26, 2007
Virtual Forge in the News
Dr. Markus Schumacher is the reference expert in an article published by "IT im Unternehmen", a German information web site specialized in business oriented IT.
Starting from the slogan "Tool + Human Expert = Secure Software", the article shows that tools like software scanners can be helpful for finding security issues in software applications, but that the expertise of human testers is absolutely essential for reliable results.

You can read the article at www.it-im-unternehmen.de.
March 26, 2007
Virtual Forge's CEO at the DuD Conference - Echo in IT specialized media
Dr. Markus Schumacher's session on web application security was reviewed on two web sites specialized in IT news, Golem and PCgo.
The reporting summarized Dr. Schumacher's lecture and focused on his explanations of the potential and limits of software scanners. In this context, the results of Virtual Forge's study on web scanners were presented to illustrate the limitations of such tools.

You can read the full article at Golem or PCgo.
March 12, 2007
Virtual Forge and Security Innovation announce global SAP application security services partnership
Virtual Forge today announced its partnership with Security Innovation, a specialist in application security and provider of risk assessment, risk mitigation and training services based in the US. This partnership will allow Virtual Forge and Security Innovation to provide complete and seamless application security services to companies utilizing a combination of SAP and other business applications. Each company brings to the partnership specific software security and development lifecycle expertise that combined provide a complete application security program for SAP customers.

"Working with a reliable, expert partner to manage application security is a boon for companies that don’t have expertise in that area, because the development of a secure application environment is critical to success for both the company and its customers", said Markus Schumacher, CEO of Virtual Forge. "Partnering with Security Innovation allows us to offer world-class security services and support to our customers in the SAP application world."

Click here to read the complete press release.
February 27, 2007
Virtual Forge at the EUROPEAN SECURITY AWARENESS DAY #1, BRUSSELS
Virtual Forge CTO Andreas Wiegenstein presented the Virtual Forge application security solution portfolio at the "First European Security Awareness Day" in Brussels.

The high-level event addressed some of the information security challenges that technology providers are facing today and what they expect the problems to be in the coming years. The participants discussed how they could respond to the challenges facing them within the current EU regulatory framework and what role the industry and policy makers could play in order to improve the security of software applications and services.

Keynotes by Viviane Reding, European Commissioner for Information Society and Media, and Udo Helmbrecht, Federal Office for Information Security (BSI), and a workshop by SAP CSO Sachar Paulus showed the importance of application security and a need for self-regulation to improve software and application security.

Virtual Forge CTO Andreas Wiegenstein presented the Virtual Forge application security solution portfolio in an exhibition break-out session to more than 150 policy makers, senior executives from service and software companies (in particular Chief Security Officers of both large and medium-size companies) and technology users.

Please check the agenda for more information.
November 12, 2006
Article on secure web applications in DuD
Dr. Markus Schumacher and Andreas Wiegenstein published an article on advantages and disadvantages of automated tools for testing the security of web application code.
The article can be found in the October issue of "DuD - Datenschutz und Datensicherheit".

Visit the DuD website for more information.
September 12, 2006
SAP TechEd 2006, Las Vegas: Special offer for 10-Day Security Assessment
The SAP security companies Virtual Forge and SecurIntegration have announced their strategic partnership in the US at SAP TechEd, Las Vegas. In order to point out the benefits of this partnership, both companies have composed a unique offer to assess all the security aspects of critical business applications in four phases: 1) Threat Modeling, 2) Review of Security Configuration, 3) Prioritized Code Review, and 4) Reporting.

Our unique 10-day security assessment can be booked for a very special price of 12.000 US$. Feel free to contact our security teams for more details and power up your security today.

Click here to read the flyer with further information.
05/12/2006
Writing Fast and Secure Code in C
C specialist Sebastian Schinzel gives advice on security pitfalls in this programming language.
He presents an overview of common patterns that lead to vulnerabilities and describes approaches for developing code that is functionally equivalent and secure. Additionally, he shows how to make string handling in C fast, elegant and secure.

The whitepaper can be found in the Resource Area.
05/01/2006
First book on Security Patterns shipped
CEO Dr. Markus Schumacher, the lead editor of this three-year writing project, is happy to announce that "Security Patterns: Integrating Security and Systems Engineering" is available at Wiley now.
August 18, 2006
Sales Partnership between Virtual Forge and SHE AG
Virtual Forge extends its expert network in the German and European market and enters into a partnership with the security consulting company SHE Informationstechnologie AG. Dr. Wilfried Schmitz, Chief Technology Officer of SHE AG, sees the advantages of the partnership: "Usually our customers are IT or security specialists that don’t speak the same language as SAP experts. As a result, severe weaknesses in the security chain can occur. Together with Virtual Forge we can now close this gap effectively." Dr. Markus Schumacher, CEO of Virtual Forge, explains: "All of our customers will be happy as this partnership mutually completes our portfolio. Whereas SHE focuses on system and infrastructure security, we offer consulting services, products and solutions in the SAP security context. That way, our customers get comprehensive answers to key security questions."

Take a look at the SHE Newsletter for more information.
August 4, 2006
Strategic Partnership between Virtual Forge and SecurIntegration with focus on SAP Security and GRC Consulting
The international SAP Security consulting companies SecurIntegration GmbH and Virtual Forge GmbH announce their strategic partnership in the field of SAP Security and GRC (Governance, Risk and Compliance). Securing enterprise assets against manipulation and theft is today more and more important in order to ensure business success. New laws and strict enterprise guidelines have been put into place in order to address such risks. Regulations such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), BASEL II, FDA Part 11 and the Safe Harbor Act (EU Data Protection Directive) require internal controls for critical business processes. It is important to analyse these controls and to check them regularly. Thus, SAP offers tools and guidelines for security and GRC. Together, SecurIntegration and Virtual Forge offer help in setting up these tools, implementing the guidelines and fulfilling regulatory compliance.