How the U.S. Department of Defense Secures Its Custom ABAP Code
#SAPtd
Christine Warring
TEWLS Sustainment Project Manager, JMLFDC
CACI Contractor
© 2015, Virtual Forge, Inc. All rights reserved.
Agenda
• SAP TEWLS @ Department of Defense
• Challenges
• Custom ABAP
• Best Practices
SAP TEWLS @ Dept of Defense
Custom ABAP Applications
Theater Enterprise Wide Logistics System (TEWLS)
• SAP-based Enterprise Resource Planning
• Supports theater-level medical logistics
• Developed by US Army to replace TAMMIS
• Single shared data environment
• Developed in ABAP
SAP TEWLS @ Dept of Defense
Custom ABAP Applications
What is TEWLS?
• Enterprise-level total life cycle management of medical assemblages
  • Development
  • Production
  • Fielding
  • Sustainment
• Theater Intermediate-Level Medical Logistics:
  • Acquisition & life-cycle management
  • Strategic programs for mobilization & deployment of materials
  • Theater Supply Chain Management to include full storage and distribution capabilities for Medical Materials (TLAMM)
• Compliance with Federal Financial Management Improvement Act (FFMIA); Standard Financial Information Structure (SFIS); Federal Information System Controls Audit Manual (FISCAM)
Challenges
Passing the Test
Department of Defense Adopted TEWLS
• TEWLS to be used for all armed forces
• Required to prove that ABAP code was secure and compliant
The Problem
• Static code scanning required
• Code scanning solution that DOD mandated did not produce accurate results
• Unable to go live without Authority to Operate (ATO)!
Challenges
The Problem
Limitations with existing tools
• Many false findings
• Inconsistent results (even with the same code base)
• Developers could not use it day to day
• Limited test scope
• No help with remediation!
Impact
• Valuable resource time spent working through false results
• Unable to prove that the code was secure and compliant to finalize DOD ATO
• Annoyed developers
• Late feedback for developers
Challenges
The Solution
ABAP Scanning with CodeProfiler
• Accurate results with prioritized findings
• Comprehensive testing
• Developers can correct and learn while they work
• Detailed remediation instructions and auto-correction
Results
• Able to scan and remediate vulnerabilities quickly
• Reduced number of code corrections required
• Improved developer skills
• Reduced effort and time spent on code reviews
• Ensured ALL code meets security and compliance requirements
Custom ABAP
Are your custom applications compliant?
• ATO (Authority To Operate)
• PII (Personally Identifiable Information)
• PIA (Privacy Impact Assessment)
• PCI-DSS (Payment Card Industry Data Security Standard)
• Internal standards
Best Practices
Recommended Testing
• Security and compliance
• Performance
• Stability and robustness
• Maintainability
Best Practices
Code Reviews
Top 11 Most Dangerous Security Vulnerabilities:
1. ABAP Command Injection
2. OS Command Injection
3. Native SQL Injection
4. Improper Authorization Checks
5. Directory Traversal
6. Direct Database Modifications
7. Cross-Client Database Access
8. Open SQL Injection
9. Generic Module Execution
10. Cross-Site Scripting
11. Hidden ABAP code
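The report below is added here as an illustration of items 4 and 8 in the list above; it is not code from the presentation or from TEWLS. It contrasts an unchecked read whose dynamic Open SQL WHERE clause is built by concatenation with a hardened version that performs an AUTHORITY-CHECK first and passes the value through cl_abap_dyn_prg=>quote. The table ZMED_STOCK, its columns and the authorization object Z_MEDSTOCK are hypothetical names assumed for the example.

```abap
REPORT z_demo_abap_hardening.

" All names below are hypothetical and constructed for this example:
" ZMED_STOCK is assumed to have columns MATNR, WERKS and LABST, and
" Z_MEDSTOCK is assumed to be an authorization object with fields WERKS and ACTVT.

PARAMETERS p_werks TYPE char4.

" Raised when the caller is not authorized for the requested plant.
CLASS lcx_not_authorized DEFINITION INHERITING FROM cx_static_check.
ENDCLASS.

CLASS lcl_stock DEFINITION.
  PUBLIC SECTION.
    TYPES: BEGIN OF ty_stock,
             matnr TYPE char18,
             werks TYPE char4,
             labst TYPE p LENGTH 13 DECIMALS 3,
           END OF ty_stock,
           ty_stock_tab TYPE STANDARD TABLE OF ty_stock WITH EMPTY KEY.

    " Weak form: no authorization check, plant value concatenated into the WHERE clause.
    CLASS-METHODS read_unsafe
      IMPORTING iv_werks        TYPE char4
      RETURNING VALUE(rt_stock) TYPE ty_stock_tab.

    " Hardened form: authorization check first, then the value is quoted as a literal.
    CLASS-METHODS read_safe
      IMPORTING iv_werks        TYPE char4
      RETURNING VALUE(rt_stock) TYPE ty_stock_tab
      RAISING   lcx_not_authorized.
ENDCLASS.

CLASS lcl_stock IMPLEMENTATION.
  METHOD read_unsafe.
    " Item 8 (Open SQL Injection): a quote character inside iv_werks changes the
    " structure of the condition instead of being compared as data.
    DATA(lv_where) = |werks = '{ iv_werks }'|.
    SELECT matnr, werks, labst
      FROM zmed_stock
      WHERE (lv_where)
      INTO TABLE @rt_stock.
  ENDMETHOD.

  METHOD read_safe.
    " Item 4 (Improper Authorization Checks): verify display (ACTVT 03) on this
    " plant before reading, and stop if sy-subrc is not 0.
    AUTHORITY-CHECK OBJECT 'Z_MEDSTOCK'
      ID 'WERKS' FIELD iv_werks
      ID 'ACTVT' FIELD '03'.
    IF sy-subrc <> 0.
      RAISE EXCEPTION TYPE lcx_not_authorized.
    ENDIF.

    " Item 8: cl_abap_dyn_prg=>quote wraps the value in single quotes and doubles
    " any quote inside it, so the input can only ever be compared as a literal.
    DATA(lv_where) = |werks = { cl_abap_dyn_prg=>quote( iv_werks ) }|.
    SELECT matnr, werks, labst
      FROM zmed_stock
      WHERE (lv_where)
      INTO TABLE @rt_stock.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  TRY.
      DATA(lt_stock) = lcl_stock=>read_safe( p_werks ).
      DATA(lv_msg) = |{ lines( lt_stock ) } stock records read for plant { p_werks }|.
      WRITE / lv_msg.
    CATCH lcx_not_authorized.
      WRITE / 'Not authorized to display stock for this plant'.
  ENDTRY.
```

A static scanner of the kind the talk describes flags read_unsafe on both counts: the dynamic WHERE clause is fed from a selection-screen parameter without quoting, and the table is read with no preceding AUTHORITY-CHECK.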
Best Practices
Lessons Learned/Recommendations
• Custom code can be a source of risk to SAP systems.
• Automated testing is necessary to ensure code security and quality.
• All solutions are not alike – Compare!
• Start now. Don’t wait for an incident to occur.
Virtual Forge CodeProfiler
Free Risk Assessment Offer!
How good is your SAP system?
Visit www.virtualforge.com
Free Risk Assessment / Penetration Test of your SAP system, covering quality, compliance and security:
• SAP configuration
• Custom code
You receive:
✓ Summary of findings
✓ Prioritization and classification of vulnerabilities
✓ Specific examples of findings
✓ Code and system metrics
www.virtualforge.com
@Virtual_Forge
Thank you!
Disclaimer
© 2015 Virtual Forge Inc. All rights reserved.
SAP, R/3, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective
logos are trademarks or registered trademarks of SAP AG. All other product and service names mentioned are
the trademarks of their respective companies.
Information contained in this publication is subject to change without prior notice. It is provided by Virtual
Forge and serves informational purposes only. Virtual Forge is not liable for errors or incomplete information in
this publication. Information contained in this publication does not imply any further liability.
Virtual Forge Terms and Conditions apply. See www.virtualforge.com for details.

 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 

How the U.S. Department of Defense Secures Its Custom ABAP Code

Challenges
The Problem
Limitations with existing tools
  Many false findings
  Inconsistent results (even with same code base)
  Developers could not use day to day
  Limited test scope
  No help with remediation!
Impact
  Used valuable resource time working through false results
  Unable to prove that the code was secure and compliant to finalize DOD ATO
  Annoyed developers
  Late feedback for developers
9
Challenges
The Solution
ABAP Scanning with CodeProfiler
  Accurate results with prioritized findings
  Comprehensive testing
  Developers can correct and learn while they work
  Detailed remediation instructions and auto correction
Results
  Able to scan and remediate vulnerabilities quickly
  Reduced number of code corrections required
  Improved developer skills
  Reduced effort and time spent on code reviews
  Ensured ALL code meets security and compliance requirements
10
Custom ABAP
Are your custom applications compliant?
  ATO (Authority To Operate)
  PII (Personally Identifiable Information)
  PIA (Privacy Impact Assessment)
  PCI-DSS (Payment Card Industry Data Security Standard)
  Internal standards
11
Best Practices
Recommended Testing
  Security and compliance
  Performance
  Stability and robustness
  Maintainability
13
Best Practices
Code Reviews
Top 11 Most Dangerous Security Vulnerabilities:
1. ABAP Command Injection
2. OS Command Injection
3. Native SQL Injection
4. Improper Authorization Checks
5. Directory Traversal
6. Direct Database Modifications
7. Cross-Client Database Access
8. Open SQL Injection
9. Generic Module Execution
10. Cross-Site Scripting
11. Hidden ABAP code
14
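The eleven categories above are what a static scan of custom ABAP looks for. As an added example that is not part of the deck and is not CodeProfiler's logic, the following Python script shows what a pattern-level scan can and cannot decide: it flags the constructs behind eight of the eleven categories (all but Direct Database Modifications, Cross-Site Scripting and Hidden ABAP code) over a constructed ABAP sample, treats a value that has been routed through SAP's `cl_abap_dyn_prg` class as validated, and checks that an `AUTHORITY-CHECK` is followed by a test of `sy-subrc`. The sample (`SAMPLE_ABAP`) is not TEWLS code; its report and variable names (`zdemo_scan`, `p_tab`, `lv_where`, and so on) are made-up names for illustration, and the scanner assumes one ABAP statement per line or period-terminated continuation lines.

```python
"""Pattern-level checker for custom ABAP, keyed to the "Top 11" slide.
Added example: neither CodeProfiler nor TEWLS code (assumptions in the lead-in)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int   # 1-based line on which the statement starts
    rule: str   # category name as used on the "Top 11" slide
    text: str   # the statement with comments and final period stripped


# Each pattern flags a construct, not a proven vulnerability: a reviewer or a
# data-flow-aware tool still has to decide whether attacker input reaches it.
PATTERN_RULES = [
    ("ABAP Command Injection", r"\b(GENERATE\s+SUBROUTINE\s+POOL|INSERT\s+REPORT)\b"),
    ("OS Command Injection", r"CALL\s+'SYSTEM'|'SXPG_COMMAND_EXECUTE'"),
    ("Native SQL Injection", r"^EXEC\s+SQL\b"),
    ("Cross-Client Database Access", r"\bCLIENT\s+SPECIFIED\b"),
    ("Directory Traversal", r"^OPEN\s+DATASET\s+(?!')"),       # path taken from a variable
    ("Generic Module Execution", r"^CALL\s+FUNCTION\s+(?!')"),  # function name from a variable
]
# Dynamic Open SQL tokens such as WHERE (lv_cond) or FROM (lv_table).
DYNAMIC_SQL = re.compile(r"\b(?:WHERE|FROM|UPDATE|MODIFY|DELETE)\s*\(\s*(\w+)\s*\)", re.I)
# Coarse taint rule: every identifier on a statement that calls cl_abap_dyn_prg counts as validated.
VALIDATOR = re.compile(r"CL_ABAP_DYN_PRG=>", re.I)


def _strip_comment(line: str) -> str:
    """Drop '*' full-line comments and '"' trailing comments outside literals."""
    if line.startswith("*"):
        return ""
    out, in_literal = [], False
    for ch in line:
        if ch == "'":
            in_literal = not in_literal   # a doubled '' inside a literal toggles twice
        elif ch == '"' and not in_literal:
            break
        out.append(ch)
    return "".join(out).strip()


def statements(source: str):
    """Yield (start_line, statement); a statement ends at a line-final period."""
    buf, start = [], None
    for no, raw in enumerate(source.splitlines(), 1):
        code = _strip_comment(raw)
        if not code:
            continue
        if start is None:
            start = no
        buf.append(code)
        if code.endswith("."):
            yield start, " ".join(buf)[:-1].strip()
            buf, start = [], None


def scan(source: str) -> "list[Finding]":
    """Return findings for an ABAP source string, in source order."""
    stmts = list(statements(source))
    validated = set()
    for _, stmt in stmts:
        if VALIDATOR.search(stmt):
            validated.update(t.upper() for t in re.findall(r"[A-Za-z_]\w*", stmt))
    findings = []
    for i, (no, stmt) in enumerate(stmts):
        for rule, pattern in PATTERN_RULES:
            if re.search(pattern, stmt, re.I):
                findings.append(Finding(no, rule, stmt))
        for var in DYNAMIC_SQL.findall(stmt):
            if var.upper() not in validated:
                findings.append(Finding(no, "Open SQL Injection", stmt))
        # AUTHORITY-CHECK only sets sy-subrc; the next statement must test it.
        if re.match(r"AUTHORITY-CHECK\b", stmt, re.I):
            following = stmts[i + 1][1] if i + 1 < len(stmts) else ""
            if not re.search(r"\bSY-SUBRC\b", following, re.I):
                findings.append(Finding(no, "Improper Authorization Checks", stmt))
    return findings


# Constructed sample (not TEWLS code); names like zdemo_scan and p_tab are made up.
SAMPLE_ABAP = """\
* zdemo_scan: constructed sample, not production code
REPORT zdemo_scan.
PARAMETERS: p_matnr TYPE matnr, p_tab TYPE tabname, p_file TYPE string, p_func TYPE rs38l_fnam.
DATA: lt_mara TYPE TABLE OF mara, lv_where TYPE string, lv_safe TYPE string, lv_cmd TYPE string, lt_code TYPE TABLE OF string, lv_prog TYPE string.
" Open SQL injection: WHERE clause concatenated from user input
lv_where = 'MATNR = ''' && p_matnr && ''''.
SELECT * FROM mara INTO TABLE lt_mara WHERE (lv_where).
" Hardened: the value is quoted and escaped by cl_abap_dyn_prg before use
lv_safe = 'MATNR = ' && cl_abap_dyn_prg=>quote( p_matnr ).
SELECT * FROM mara INTO TABLE lt_mara WHERE (lv_safe).
SELECT * FROM mara CLIENT SPECIFIED INTO TABLE lt_mara WHERE mandt = '000'.
" Authorization check whose sy-subrc is never tested, then an unvalidated table name
AUTHORITY-CHECK OBJECT 'S_TABU_NAM' ID 'TABLE' FIELD p_tab ID 'ACTVT' FIELD '03'.
SELECT * FROM (p_tab) INTO TABLE lt_mara.
" Directory traversal, generic module execution, OS and ABAP command injection
OPEN DATASET p_file FOR INPUT IN TEXT MODE ENCODING DEFAULT.
CALL FUNCTION p_func.
CALL 'SYSTEM' ID 'COMMAND' FIELD lv_cmd.
GENERATE SUBROUTINE POOL lt_code NAME lv_prog.
" Native SQL: flagged as a construct although the host variable is bound safely
EXEC SQL.
  DELETE FROM mara WHERE matnr = :p_matnr
ENDEXEC.
"""
```

Running `scan(SAMPLE_ABAP)` yields nine findings; the `WHERE (lv_safe)` statement is not among them because `lv_safe` was built through `cl_abap_dyn_prg=>quote`. The Native SQL finding is a false positive: the host variable `:p_matnr` is bound, not concatenated, but a pattern rule cannot see that. That is exactly the "many false findings" problem the Challenges slides describe, and it is why a production tool needs data-flow analysis rather than pattern matching; the toy "validated" rule here is the crudest possible stand-in for that.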
Best Practices
Lessons Learned/Recommendations
  Custom code can be a source of risk to SAP systems.
  Automated testing is necessary to ensure code security and quality.
  All solutions are not alike – Compare!
  Start now. Don’t wait for an incident to occur.
15
Virtual Forge CodeProfiler
Free Risk Assessment Offer!
How good is your SAP system? Visit www.virtualforge.com
✓ Summary of findings
✓ Prioritization and classification of vulnerabilities
✓ Specific examples of findings
✓ Code and system metrics
Quality / Compliance / Security
SAP System Risk Assessment / Penetration Test (free)
  •  SAP configuration
  •  Custom code
16
Disclaimer
© 2015 Virtual Forge Inc. All rights reserved. SAP, R/3, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG. All other product and service names mentioned are the trademarks of their respective companies. Information contained in this publication is subject to change without prior notice. It is provided by Virtual Forge and serves informational purposes only. Virtual Forge is not liable for errors or incomplete information in this publication. Information contained in this publication does not imply any further liability. Virtual Forge Terms and Conditions apply. See www.virtualforge.com for details.