How to efficiently identify and remediate critical vulnerabilities in SAP and other Business Applications. Vulnerabilities in individual applications harbor enormous risks for companies because they can be exploited by hackers to gain access to the corporate network and critical IT infrastructure such as SAP systems. An effective approach to application security management therefore must take the entire application portfolio of a company into consideration. It must evaluate critical vulnerabilities uniform and must be capable to track their remediation, regardless of the programming language or the development environment used. This approach is facilitated by ThreadFix, an open source software offered by Denim Group. In our webinar APPLICATION SECURITY MANAGEMENT we show you: - How you can scan your SAP and other business applications automatically for critical vulnerabilities - How you can easily track the remediation of vulnerabilities with ThreadFix - How you can accomplish important security and quality milestones more easily in your projects

1. APPLICATION
SECURITY
MANAGEMENT

2. How to efficiently identify and
remediate critical vulnerabilities
in SAP and other Business
Applications

3. Agenda
Why measure the effectiveness of your Application Security
Unified Platform
Demo:
Virtual Forge - Code Profiler
Checkmarx - CxSAST
ThreadFix
Q&A
3

4. Why measure the effectiveness of your Application
Security
The state of Application Security
Why traditional tactics of Application Security Management fail
The need to orchestrate tons of security tools for different
purposes
4

5. A unified platform to manage risks in your business
applications
Checkmarx and Virtual Forge provide customers with a feasible
solution based on ThreadFix:
Developed by experienced security practitioners
Combines reports from different code scanners
Provides a landscape wide overview
Easy control and monitoring of effort, timelines and
achievements
Common Weakness Enumeration (CWE)
Free Community Version available
5

6. Integration of CodeProfiler and CxSAST into ThreadFix
Manage your findings from one common platform
CWE Standard Ratings and Certified Integration
Source: ThreadFix by Denim Group
6

7. DEMO
Next Slide
FF >> 4:00 Min.

8. Key Takeaways
You have seen, how you can:
Scan your SAP and other business applications for code
vulnerabilities using CodeProfiler and Checkmarx
Control and monitor the projects overall application security state
Evaluate and prioritize the vulnerabilities found
Track the remediation of vulnerabilities with ThreadFix
8

9. Next Steps?
Download the free ThreadFix Community Edition at www.threadfix.org
Sign up for the free SAP Risk Assessment at www.virtualforge.com
Sign up for a free secure code analysis by Checkmarx‘s CxSAST at
www.checkmarx.com
9

10. Disclaimer
© 2015 Virtual Forge GmbH. All rights reserved.
Information contained in this publication is subject to change without prior notice.
These materials are provided by Virtual Forge and serve only as information.
SAP, ABAP and other named SAP products and services as well as their respective logos are trademarks or registered trademarks
of SAP AG in Germany and other countries worldwide.
All other names of products and services are trademarks of their respective companies. The information in the text are approximate
and is only for information.
Virtual Forge accepts no liability or responsibility for errors or omissions in this publication. From the information contained in this
publication, no further liability is assumed. No part of this publication may be reproduced or transmitted in any form or for any
purpose without the express permission of Virtual Forge GmbH, Germany or Virtual Forge Inc., Philadelphia. The General Terms
and Conditions of Virtual Forge apply.
© 2015 Virtual Forge | www.virtualforge.com | All rights reserved.
10