SAP considers an industry best practice
Automated testing processes have become an industry best practice. Such processes are very important for assessing code quality before product releases.

In 2007, white box (code-level) scanners were adopted to a greater extent than black box (execution-level) scanners. SAP also uses code-level scanners to test the quality of ABAP code. This is a key requirement, since more than 90% of the SAP product code is written in ABAP. Since security issues are most critical for productive environments, SAP has always aimed for automated security testing.

SAP has been working with Virtual Forge GmbH, a Germany-based consultancy, on software security testing for many years. An early member of the former SAP Global Security Alliance, Virtual Forge is the only company specialized in security for SAP programs written in ABAP and Java.

Virtual Forge recently released the first automated ABAP security scanner: Virtual Forge CodeProfiler. Since the early phases of its development, SAP has tested CodeProfiler in its internal QA teams. Now SAP is using it in internal development processes. SAP’s evaluation revealed that CodeProfiler delivers valuable results, is easy to use, and has a comprehensive rule set. The unique dataflow analysis engine of CodeProfiler significantly reduces the false positive rate and thus greatly reduces manual post-processing of the report.

SAP considers CodeProfiler an efficient way to precisely determine the critical issues at the code level. This greatly improves SAP's QA process and ensures that SAP® products meet industry best practices regarding security and compliance at the code level.
Statement by SAP board member Gerhard Oswald
"Security is important to us. And to our customers. It’s good to see that our trusted partner Virtual Forge provided a tool for security test automation. Now all our customers can establish a baseline security level in their ABAP code."