Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/1/2009
05:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Art of Defence, Virtual Forge Partner In SAP Security

Companies that use SAP technology can now discover and shield any software security issues before they become problems without bringing the system offline

Regensburg, Germany, September 1, 2009 " Today, art of defence, the leading distributed web application firewall (dWAF) provider, and Virtual Forge, the leader in SAP software security, announced they have partnered through product integration to end the need for security hot-patches on SAP systems. Companies that depend on SAP technology now have the ability to discover and shield any software security issues before they become problems without bringing the system off-line, avoiding unplanned down time. Patch development is saved for regularly scheduled cycles, increasing overall system productivity and improving the quality of patches.

Through the partnership, Virtual Forge's market-leading SAP ABAP source code scanner, CODEPROFILER, detects software vulnerabilities and feeds any findings directly into art of defence's dWAF solution, hyperguard. All security lapses identified are immediately presented to the administrator through dynamic ruleset suggestions within hyperguard. Conflicting dWAF rulesets, which may leave holes in web application shielding, are prevented with hyperguard. The dWAF is the industry's only solution available today that enables development, testing and deployment of new application security policies without ever relaxing the established defenses or risking false positives.

"Experience shows that there's at least one critical security issue in 2,000 lines of SAP ABAP code. This leads to significant defect rates, even in smaller development projects. Since patch issues create considerable productivity challenges for SAP systems due to their pervasive, foundational nature, there's a strong need for an effective solution. Processes, divisions and even whole companies are impacted when these systems come offline," says Markus Schumacher, CEO, Virtual Forge. "Integrating our CODEPROFILER with art of defence's hyperguard translates into secure SAP Web applications at all times while patches can be calmly created, tested and imported during the regular maintenance routine."

"Source code scanning and web application shielding software go hand-in-hand, and SAP developers will find comfort knowing the market leading CODEPROFILER now integrates fully with a powerful, flexible dWAF," said Georg Hess, founder and CEO, art of defence. "By putting the administrator in complete control over all rulesets, hyperguard makes sure only malicious traffic is prevented."

hyperguard's entire software architecture was carefully designed to ensure that it can be integrated as flexibly and seamlessly as possible into existing security and Web infrastructures with no disruptions or interference in service. hyperguard adds high-level proactive security features typically not found in other WAF solutions, such as secure session management, URL encryption and a web authentication framework. Available as a SaaS, software plug-in, virtual appliance, hardware appliance or as a standalone software solution, hyperguard is the world's most flexible, scalable solution for web application attack detection and complete web application shielding.

For more information about hyperguard, the company or about partnership opportunities, visit the Art of Defence website (www.artofdefence.com/en), and for details about Virtual Forge, visit their site (www.virtualforge.de).

# # #

About art of defence GmbH

Founded in 2005, art of defence GmbH is headquartered in Regensburg, Germany, and serves the U.S., European and Asian markets. Focused exclusively on providing comprehensive web application security technology on any scale, the company is the only European provider in this space that covers the entire software development lifecycle (SDLC). The company partners with leading technology providers like Microsoft, Zeus, GeNUA, and Armorize.

The full product suite includes hyperguard, a distributed web application firewall (dWAF), hypersource, a static source code analysis tool, and hyperscan, a web application vulnerability scan server. As the flagship solution, hyperguard has been designed to integrate fully with the latter two offerings, enabling the dWAF to automatically protect web application from vulnerabilities detecting through hypersource and hyperscan.

art of defences web application firewall technology is the most flexible on the market today, available as a SaaS, software plug-in, virtual appliance, hardware appliance or as a standalone software solution. The company serves the financial services, eCommerce, technology, telecommunication and public sector markets exclusively through OEM/technology and reseller channel partners.

For more information about art of defence, visit: www.artofdefence.com/en

About Virtual Forge

Virtual Forge is the leading authority in business for software security for SAP applications. The benefits and solutions of the company cover the complete cycle of secure development in the SAP environment. Many SAP customers rely on the know-how of Virtual Forge to understand the security risks in their SAP landscapes and facilitate the software and process change necessary to mitigate them. The company has cooperated for many years with SAP in security relevant areas of product development.

The deep experience with security analysis in the SAP environment is the basis for the ABAP security scanner, CODEPROFILER. For the first time it's possible to realise broad code security audits for ABAP programs. SAP-Board member Gerhard Oswald has commented, "Security is important to us and to our customers. It's good to see that our trusted partner, Virtual Forge, provides a tool for security test automation. Now all our customers can establish a baseline security level in their ABAP code."

For more information about Virtual Forge, visit: www.virtualforge.de

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.