Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/1/2009
05:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Art of Defence, Virtual Forge Partner In SAP Security

Companies that use SAP technology can now discover and shield any software security issues before they become problems without bringing the system offline

Regensburg, Germany, September 1, 2009 " Today, art of defence, the leading distributed web application firewall (dWAF) provider, and Virtual Forge, the leader in SAP software security, announced they have partnered through product integration to end the need for security hot-patches on SAP systems. Companies that depend on SAP technology now have the ability to discover and shield any software security issues before they become problems without bringing the system off-line, avoiding unplanned down time. Patch development is saved for regularly scheduled cycles, increasing overall system productivity and improving the quality of patches.

Through the partnership, Virtual Forge's market-leading SAP ABAP source code scanner, CODEPROFILER, detects software vulnerabilities and feeds any findings directly into art of defence's dWAF solution, hyperguard. All security lapses identified are immediately presented to the administrator through dynamic ruleset suggestions within hyperguard. Conflicting dWAF rulesets, which may leave holes in web application shielding, are prevented with hyperguard. The dWAF is the industry's only solution available today that enables development, testing and deployment of new application security policies without ever relaxing the established defenses or risking false positives.

"Experience shows that there's at least one critical security issue in 2,000 lines of SAP ABAP code. This leads to significant defect rates, even in smaller development projects. Since patch issues create considerable productivity challenges for SAP systems due to their pervasive, foundational nature, there's a strong need for an effective solution. Processes, divisions and even whole companies are impacted when these systems come offline," says Markus Schumacher, CEO, Virtual Forge. "Integrating our CODEPROFILER with art of defence's hyperguard translates into secure SAP Web applications at all times while patches can be calmly created, tested and imported during the regular maintenance routine."

"Source code scanning and web application shielding software go hand-in-hand, and SAP developers will find comfort knowing the market leading CODEPROFILER now integrates fully with a powerful, flexible dWAF," said Georg Hess, founder and CEO, art of defence. "By putting the administrator in complete control over all rulesets, hyperguard makes sure only malicious traffic is prevented."

hyperguard's entire software architecture was carefully designed to ensure that it can be integrated as flexibly and seamlessly as possible into existing security and Web infrastructures with no disruptions or interference in service. hyperguard adds high-level proactive security features typically not found in other WAF solutions, such as secure session management, URL encryption and a web authentication framework. Available as a SaaS, software plug-in, virtual appliance, hardware appliance or as a standalone software solution, hyperguard is the world's most flexible, scalable solution for web application attack detection and complete web application shielding.

For more information about hyperguard, the company or about partnership opportunities, visit the Art of Defence website (www.artofdefence.com/en), and for details about Virtual Forge, visit their site (www.virtualforge.de).

# # #

About art of defence GmbH

Founded in 2005, art of defence GmbH is headquartered in Regensburg, Germany, and serves the U.S., European and Asian markets. Focused exclusively on providing comprehensive web application security technology on any scale, the company is the only European provider in this space that covers the entire software development lifecycle (SDLC). The company partners with leading technology providers like Microsoft, Zeus, GeNUA, and Armorize.

The full product suite includes hyperguard, a distributed web application firewall (dWAF), hypersource, a static source code analysis tool, and hyperscan, a web application vulnerability scan server. As the flagship solution, hyperguard has been designed to integrate fully with the latter two offerings, enabling the dWAF to automatically protect web application from vulnerabilities detecting through hypersource and hyperscan.

art of defences web application firewall technology is the most flexible on the market today, available as a SaaS, software plug-in, virtual appliance, hardware appliance or as a standalone software solution. The company serves the financial services, eCommerce, technology, telecommunication and public sector markets exclusively through OEM/technology and reseller channel partners.

For more information about art of defence, visit: www.artofdefence.com/en

About Virtual Forge

Virtual Forge is the leading authority in business for software security for SAP applications. The benefits and solutions of the company cover the complete cycle of secure development in the SAP environment. Many SAP customers rely on the know-how of Virtual Forge to understand the security risks in their SAP landscapes and facilitate the software and process change necessary to mitigate them. The company has cooperated for many years with SAP in security relevant areas of product development.

The deep experience with security analysis in the SAP environment is the basis for the ABAP security scanner, CODEPROFILER. For the first time it's possible to realise broad code security audits for ABAP programs. SAP-Board member Gerhard Oswald has commented, "Security is important to us and to our customers. It's good to see that our trusted partner, Virtual Forge, provides a tool for security test automation. Now all our customers can establish a baseline security level in their ABAP code."

For more information about Virtual Forge, visit: www.virtualforge.de

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer,  10/9/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17660
PUBLISHED: 2019-10-16
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-11281
PUBLISHED: 2019-10-16
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input...
CVE-2019-16521
PUBLISHED: 2019-10-16
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payl...
CVE-2019-16522
PUBLISHED: 2019-10-16
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. A...
CVE-2019-16523
PUBLISHED: 2019-10-16
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.