Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/1/2009
05:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Art of Defence, Virtual Forge Partner In SAP Security

Companies that use SAP technology can now discover and shield any software security issues before they become problems without bringing the system offline

Regensburg, Germany, September 1, 2009 " Today, art of defence, the leading distributed web application firewall (dWAF) provider, and Virtual Forge, the leader in SAP software security, announced they have partnered through product integration to end the need for security hot-patches on SAP systems. Companies that depend on SAP technology now have the ability to discover and shield any software security issues before they become problems without bringing the system off-line, avoiding unplanned down time. Patch development is saved for regularly scheduled cycles, increasing overall system productivity and improving the quality of patches.

Through the partnership, Virtual Forge's market-leading SAP ABAP source code scanner, CODEPROFILER, detects software vulnerabilities and feeds any findings directly into art of defence's dWAF solution, hyperguard. All security lapses identified are immediately presented to the administrator through dynamic ruleset suggestions within hyperguard. Conflicting dWAF rulesets, which may leave holes in web application shielding, are prevented with hyperguard. The dWAF is the industry's only solution available today that enables development, testing and deployment of new application security policies without ever relaxing the established defenses or risking false positives.

"Experience shows that there's at least one critical security issue in 2,000 lines of SAP ABAP code. This leads to significant defect rates, even in smaller development projects. Since patch issues create considerable productivity challenges for SAP systems due to their pervasive, foundational nature, there's a strong need for an effective solution. Processes, divisions and even whole companies are impacted when these systems come offline," says Markus Schumacher, CEO, Virtual Forge. "Integrating our CODEPROFILER with art of defence's hyperguard translates into secure SAP Web applications at all times while patches can be calmly created, tested and imported during the regular maintenance routine."

"Source code scanning and web application shielding software go hand-in-hand, and SAP developers will find comfort knowing the market leading CODEPROFILER now integrates fully with a powerful, flexible dWAF," said Georg Hess, founder and CEO, art of defence. "By putting the administrator in complete control over all rulesets, hyperguard makes sure only malicious traffic is prevented."

hyperguard's entire software architecture was carefully designed to ensure that it can be integrated as flexibly and seamlessly as possible into existing security and Web infrastructures with no disruptions or interference in service. hyperguard adds high-level proactive security features typically not found in other WAF solutions, such as secure session management, URL encryption and a web authentication framework. Available as a SaaS, software plug-in, virtual appliance, hardware appliance or as a standalone software solution, hyperguard is the world's most flexible, scalable solution for web application attack detection and complete web application shielding.

For more information about hyperguard, the company or about partnership opportunities, visit the Art of Defence website (www.artofdefence.com/en), and for details about Virtual Forge, visit their site (www.virtualforge.de).

# # #

About art of defence GmbH

Founded in 2005, art of defence GmbH is headquartered in Regensburg, Germany, and serves the U.S., European and Asian markets. Focused exclusively on providing comprehensive web application security technology on any scale, the company is the only European provider in this space that covers the entire software development lifecycle (SDLC). The company partners with leading technology providers like Microsoft, Zeus, GeNUA, and Armorize.

The full product suite includes hyperguard, a distributed web application firewall (dWAF), hypersource, a static source code analysis tool, and hyperscan, a web application vulnerability scan server. As the flagship solution, hyperguard has been designed to integrate fully with the latter two offerings, enabling the dWAF to automatically protect web application from vulnerabilities detecting through hypersource and hyperscan.

art of defences web application firewall technology is the most flexible on the market today, available as a SaaS, software plug-in, virtual appliance, hardware appliance or as a standalone software solution. The company serves the financial services, eCommerce, technology, telecommunication and public sector markets exclusively through OEM/technology and reseller channel partners.

For more information about art of defence, visit: www.artofdefence.com/en

About Virtual Forge

Virtual Forge is the leading authority in business for software security for SAP applications. The benefits and solutions of the company cover the complete cycle of secure development in the SAP environment. Many SAP customers rely on the know-how of Virtual Forge to understand the security risks in their SAP landscapes and facilitate the software and process change necessary to mitigate them. The company has cooperated for many years with SAP in security relevant areas of product development.

The deep experience with security analysis in the SAP environment is the basis for the ABAP security scanner, CODEPROFILER. For the first time it's possible to realise broad code security audits for ABAP programs. SAP-Board member Gerhard Oswald has commented, "Security is important to us and to our customers. It's good to see that our trusted partner, Virtual Forge, provides a tool for security test automation. Now all our customers can establish a baseline security level in their ABAP code."

For more information about Virtual Forge, visit: www.virtualforge.de

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17537
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
CVE-2019-17538
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
CVE-2019-17535
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17536
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17533
PUBLISHED: 2019-10-13
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.