Application Security

4/18/2018
02:00 PM
Dark Reading
Products and Releases

SAP Security Tool Now Enables Automated QA & Security Checks for SAPUI5

Virtual Forge now offers its CodeProfiler for HANA with support of SAPUI5.

HEIDELBERG, Germany (April 18, 2018) – Virtual Forge, the leading provider of cyber security solutions for SAP®, today announced its CodeProfiler for HANA is now able to scan the SAPUI5 programming language. The company also announced new patents pending for the technology. CodeProfiler for HANA enables companies to run automated quality and security checks on their custom developments as lines of code are being developed on the SAP HANA platform.

SAPUI5 is a modern HTML5-based development toolkit based on JavaScript, CSS and HTML5 that enables one consistent user experience. Custom applications developed with SAPUI5 are responsive across browsers and devices – on smartphones, tablets, and desktops – the UI controls automatically adapt themselves to the capabilities of each device.

Virtual Forge’s CodeProfiler for HANA provides developers with detailed feedback on the code quality of SAPUI5-based business applications, even as developers write the code – similar to the spell-checking functionality of a word processor. HANA differs fundamentally from other SAP technologies, making it difficult for programmers to maintain the security, performance levels, overall code quality and compliance necessary for custom SAP-developed programs.

CodeProfiler for HANA supports the programmers in an effective way.

The average ERP system based on SAP’s ABAP language contains two million lines of custom programming, and the numbers for customers using the newer HANA technology will probably reach similar statistics. CodeProfiler for HANA is designed to pinpoint and eliminate critical deficiencies in security, compliance, and performance early in the process of creating HANA programs. The technology interfaces with the two development environments used for HANA: Eclipse and SAP’s home-grown Web IDE tool. It supports the programming languages used in SAP HANA, including SQLScript, XSJS, and SAPUI5.

“Businesses today must work with SAP ERP systems that are not only agile, but enable customer-facing solutions with a user interface that allows for an exciting and richly branded experience,” said Dr. Markus Schumacher, CEO of Virtual Forge. “In order to achieve this, brands must leverage technologies such as SAPUI5, but they must also have reliable protection in place to ensure their custom code and applications are secure from outside malicious attacks.”

The content-checking component offered by both CodeProfiler for ABAP and CodeProfiler for HANA includes key areas of security, compliance and data loss prevention. It also offers quality checks to ensure maintainability, robustness, and performance. Developers can also take advantage of detailed documentation of the test cases at hand. For each test case, CodeProfiler provides extensive documentation that allows a developer to understand the identified problems and associated risks. It also enables the developer to easily mitigate them.

Virtual Forge filed new technology patents for CodeProfiler, which include the following highlights:

  • Overcoming SAST limitations for dynamically typed languages by using a hybrid approach to execute the source code to be analyzed in a controlled execution environment in the form of a virtual machine.
  • Allowing code analysis during the early stages of software development.
  • Reliably reproducing tests and scans of DAST/IAST without side effects.


About Virtual Forge:

Virtual Forge is the leading provider of cyber security solutions for SAP® security. Our mission is to help customers ensure the security and quality of their SAP® systems and applications from the ground up. As pioneers in ABAP® security, we also aid SAP customers around the world in identifying security flaws and risks, fine-tuning the performance of their systems, and avoiding unnecessary investments. Virtual Forge was founded in Heidelberg, Germany, in 2001, and has offices in Heidelberg, Weimar (Germany), and Philadelphia (USA); as well as Singapore, Abu Dhabi, Rotterdam, and Madrid. For more information please visit www.VirtualForge.com.

 

 
