Dear Reader,
We hope that our offering on this website caught your interest. In today‘s edition of our blog post, we would like to take you on a deep-dive into the product‘s capabilities. Let‘s start with the more complex Security Analyzer.
SecureArc Security Analyzer for SAP software
The module SecureArc Security Analyzer for SAP software can basically be considered as a vulnerability scanner for the SAP application layer. It covers the following four domains:
SAP Security Information
This assessment subset covers several aspects regarding the security of SAP interfaces, such as RFC, CPIC and files restricting access to SAP instances. Furthermore, in this section, active security audit configuration and the ABAP patch levels are evaluated.
General
This section contains tests around some general SAP access authorizations and change capabilities. For instance, the tests in this section answer the question about which users do possess full access to the SAP system or which ones are capable of implementing system developments.
User Access
The „User Access“ compartment contains dozens of access authorizations tests regarding critical user access authorizations in the SAP application. In this section, all security relevant system profile parameters (system configuration) are assessed against best practice recommendations.
Change Management
In the „Change Management“ section, another large set of access authorization analyses for privileges, that allow for critical system changes, are performed. On top of that, the system‘s protection against ad-hoc changes or uncontrolled developments is evaluated as well.
For a detailed list of all available security tests, refer to this PDF document.
SecureArc Code Analyzer for SAP software
The “Code Analyzer” module is a basic code analysis tool to identify coding vulnerabilities in ABAP code. The intelligence incorporated into this product is built on knowledge from well-known experts. This tool uses techniques such as regular expressions to search the provided code for any irregularities or potential weaknesses.