Post on 23-Jan-2017
SAP Enterprise Application Security Solutions
SAP Fortify by HP and SAP NetWeaver Application Server, Add-On for Code Vulnerability Analysis
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 2
Application security challenges
Cyber attackers are targeting applications
84% of breaches occur at the application layer
Figure: a cyber attack passing through the network and hardware layers to reach the application layer, where the valuable assets sit (intellectual property, customer data, business processes, trade secrets)
Security failures create BIG problems
The impact of attacks is significant and far reaching
Security failures can result in:
– Negative publicity
– Brand damage
– Lost revenue
– Legal consequences
– Penalties
A significant number of application security breaches are occurring each month around the globe.
Costs of fixing critical security defects
It pays to discover issues prior to release

Cost of fixing vulnerabilities EARLY

Stage          Critical bugs identified   Cost of fixing one bug   Cost of fixing all bugs
Requirements                              $139
Design                                    $455
Coding         200                        $977                     $195,400
Testing                                   $7,136
Production                                $14,102
Total          200                                                 $195,400

Cost of fixing vulnerabilities LATER

Stage          Critical bugs identified   Cost of fixing one bug   Cost of fixing all bugs
Requirements                              $139
Design                                    $455
Coding                                    $977
Testing        50                         $7,136                   $356,800
Production     150                        $14,102                  $2,115,300
Total          200                                                 $2,472,100
Identifying the critical bugs earlier in the lifecycle reduced costs by US$2.3 million
Source: OWASP, Application Security Guide for CISOs, November 2013
The current software security vulnerability situation
Your software is everywhere.
How can you be sure that these highly accessible applications are also highly secure?
Today’s business applications have a history. They are:
– Grown over the years
– Complex
– Built on changing requirements
– Created based on different development paradigms
– Optimized for performance
– Extended but not reinvented
The approach today: expensive and reactive
1. Somebody builds bad software (in-house, outsourced, commercial, open source).
2. IT deploys the bad software.
3. A breach or pen test proves our code is bad.
4. We convince and pay developers to fix it.
The right approach: systematic and proactive
1. Embed security into the system development lifecycle (SDLC) process (in-house, outsourced, commercial, open source).
2. Leverage a security gate to validate the resiliency of internal or external code before production.
3. Monitor and protect software running in production.
This is application security.
Feedback loop: improve Software Development Life Cycle policies
Do security vulnerabilities exist in SAP?
How SAP addresses application security
SAP development runs security tests on all SAP applications and the standard code as delivered by SAP.
But how about custom code developed for SAP by SAP customers and partners and non-SAP applications?
SAP SE development landscape:
– SAP cloud development systems: ~500
– SAP internal business systems: ~40
– SAP on-premise software development systems: ~8,500
Ensure application security with an end-to-end solution
with SAP Fortify by HP and SAP NetWeaver Application Server, add-on for code vulnerability analysis

Dynamic application security testing: find vulnerabilities in the running application
– Manual application penetration testing
– Automated application vulnerability scanning

Static application security testing: find vulnerabilities by analyzing the sources
– Automated source code analysis
– Manual source code review

Static analysis coverage:
– SAP Fortify by HP: non-ABAP and non-SAP code
– SAP NetWeaver Application Server, add-on for code vulnerability analysis (CVA): ABAP code
– SAP Fortify integrates with CVA and provides the management platform for monitoring, auditing, analysis and reporting

Finding security issues at design time instead of in production is easier and less expensive!
Summary: SAP Fortify by HP
Figure: Gartner Magic Quadrant for Application Security Testing* (axes: Ability to Execute vs. Completeness of Vision; quadrants: Leaders, Challengers, Visionaries, Niche Players; vendors plotted include HP, Veracode, IBM, WhiteHat Security, Synopsys, Contrast Security, Rapid7 (NTO), Qualys, Checkmarx, PortSwigger, Cigital, Trustwave, Acunetix, Virtual Forge, NSFOCUS, SiteLock, Appthority, N-Stalker, Pradeo)

Key facts from Gartner:
– SAP Fortify software by HP is a leader in the growing software security market
– 80% of successful attacks occur at the application layer
– Small security teams can’t keep up
– Customers succeed by changing development behavior
– Market is showing signs of mainstream adoption

The solution: find, fix, fortify
– Find and fix security issues in development – 98% savings on remediation
– Fortify applications against attacks – from 2x to 30x ROI when an issue is fixed in development
*Source: Gartner, August 2015
For more information:
• How Cyber Attacks Really Happen and What You Can Do to Stay Safe?
• Bringing Security to the Forefront of Application Development with SAP Fortify by HP
• SAP NetWeaver Application Server, add-on for code vulnerability analysis
• SAP Insider ‒ Start Your ABAP Applications on Solid Ground
Thank you