We applied the same software design targets that we set for all of our SAP add-ons. Software must be lean, reliable, fast and easy to adopt. Customers should not have to read the manual! Performance of the Code Scanner was also a top priority. SecurityBridge ploughs through thousands of lines of code in no time. It continuously guards as a silent watchdog, ensuring code security is no longer optional or avoidable. Request a demo or run an on-premise test yourself. Assess your code security level now.
Let the scanner help you to identify vulnerable or malicious coding lines. Highlight non-mitigated SQL-, OpenSQL- and ADBC injections vulnerabilities. Find missing authorisation checks in remote enabled function modules (RFC). Shield the system from backdoors being installed! The SB Code Scanner will highlight direct table manipulations, directory traversal vulnerabilities and many other dangers out there in your coding forest.
if sy-uname <> 'x84bcrl'.
authority-check object 'z_payroll'
id 'salary_slip' field 'value'.
if sy-subrc <> 0.
The attacker, a developer with legitimate rights on the system, wrote a discriminating authorisation check. Using an IF-clause, he could avoid the authorisation check being executed for a specific user-ID. Possibly, this was done during the development and testing phase; potentially this can now be exploited in production to manipulate salary slips. An ordinary line of code may have a significant impact on your Human Resources department.
SecurityBridge complements tools and processes already in place for your software development lifecycle management. Code security should never be optional. Protect against ABAP code injects, foreign transports, temporary program creations, and more with SB Code Scanner watching 24/7.
Phone: +49 911 4902 1918
Münchenerstr. 49, 85051 Ingolstadt, Germany
Phone: +1 617 819 5340