SAP Enterprise Application Security Solutions

Transcript of SAP Enterprise Application Security Solutions

Page 1: SAP Enterprise Application Security Solutions

SAP Enterprise Application Security Solutions

SAP Fortify by HP and SAP NetWeaver Application Server, Add-On for Code Vulnerability Analysis

Page 2: SAP Enterprise Application Security Solutions

© 2015 SAP SE or an SAP affiliate company. All rights reserved.

Application security challenges

Cyber attackers are targeting applications

84% of breaches occur at the application layer

Networks

Hardware

Applications

Intellectual property

Customer data

Business processes

Trade secrets

Cyber attack

Page 3: SAP Enterprise Application Security Solutions

Security failures create BIG problems

The impact of attacks is significant and far-reaching

Security failures can result in:

– Negative publicity

– Brand damage

– Lost revenue

– Legal consequences

– Penalties

A significant number of application security breaches are occurring each month around the globe.

See also: World’s Biggest Data Breaches

Page 4: SAP Enterprise Application Security Solutions

Costs of fixing critical security defects

It pays to discover issues prior to release

Cost of fixing vulnerabilities EARLY

| Stage | Critical bugs identified | Cost of fixing one bug | Cost of fixing all bugs |
|---|---|---|---|
| Requirements | | $139 | |
| Design | | $455 | |
| Coding | 200 | $977 | $195,400 |
| Testing | | $7,136 | |
| Production | | $14,102 | |
| Total | 200 | | $195,400 |

Cost of fixing vulnerabilities LATER

| Stage | Critical bugs identified | Cost of fixing one bug | Cost of fixing all bugs |
|---|---|---|---|
| Requirements | | $139 | |
| Design | | $455 | |
| Coding | | $977 | |
| Testing | 50 | $7,136 | $356,800 |
| Production | 150 | $14,102 | $2,115,300 |
| Total | 200 | | $2,472,100 |

Identifying the critical bugs earlier in the lifecycle reduced costs by US$2.3 million

Source: OWASP, Application Security Guide for CISOs, November 2013

Page 5: SAP Enterprise Application Security Solutions

The current software security vulnerability situation

Your software is everywhere. How can you be sure that these highly accessible applications are also highly secure?

Today’s business applications have a history.

Grown over the years

Complex

Built on changing requirements

Created based on different development paradigms

Optimized for performance

Extended but not reinvented

Page 6: SAP Enterprise Application Security Solutions

The approach today: expensive and reactive

1. Somebody builds bad software (in-house, outsourced, commercial, open source).

2. IT deploys the bad software.

3. Breach or pen test proves our code is bad.

4. We convince and pay developers to fix it.

Page 7: SAP Enterprise Application Security Solutions

The right approach: systematic and proactive

1. Embed security into system development lifecycle (SDLC) process (in-house, outsourced, commercial, open source)

2. Leverage security gate to validate resiliency of internal or external code before production

3. Monitor and protect software running in production

This is application security.

Improve Software Development Life Cycle policies

Page 8: SAP Enterprise Application Security Solutions

Do security vulnerabilities exist in SAP?

How SAP addresses application security

SAP development runs security tests on all SAP applications and the standard code as delivered by SAP.

But how about custom code developed for SAP by SAP customers and partners and non-SAP applications?

SAP SE

– SAP cloud development systems: ~500

– SAP internal business systems: ~40

– SAP on-premise software development systems: ~8,500

Page 9: SAP Enterprise Application Security Solutions

Ensure application security with an end-to-end solution

with SAP Fortify by HP and SAP NetWeaver Application Server, add-on for code vulnerability analysis

Dynamic application security testing: find vulnerabilities in the running application

– Manual application penetration testing

– Automated application vulnerability scanning

Static application security testing: find vulnerabilities analyzing the sources

– Automated source code analysis

– Manual source code review

SAP Fortify by HP and SAP NetWeaver Application Server, add-on for code vulnerability analysis

Coverage: non-ABAP, non-SAP; ABAP

Finding security issues at design time instead of in production is easier and less expensive!

Management platform for monitoring, auditing, analysis, reporting

SAP Fortify integrates with CVA

Page 10: SAP Enterprise Application Security Solutions

Summary: SAP Fortify by HP

[Figure: Magic Quadrant for Application Security Testing*. Axes: completeness of vision, ability to execute. Quadrants: niche players, challengers, leaders, visionaries. Vendors shown: SiteLock, Appthority, N-Stalker, Pradeo, Virtual Forge, NSFOCUS, HP, Veracode, IBM, WhiteHat Security, Synopsys, Contrast Security, Rapid7 (NTO), Qualys, Checkmarx, PortSwigger, Cigital, Trustwave, Acunetix.]

Key facts from Gartner

• SAP Fortify software by HP is a leader in the growing software security market

• 80% of successful attacks occur at the application layer

• Small security teams can’t keep up

• Customers succeed by changing development behavior

• Market is showing signs of mainstream adoption

The solution: find, fix, fortify

• Find and fix security issues in development – 98% savings on remediation

• Fortify applications against attacks – from 2x to 30x ROI when issue is fixed in development

*Source: Gartner, August 2015

Page 11: SAP Enterprise Application Security Solutions

For More Information

• How Cyber Attacks Really Happen and What You Can Do to Stay Safe?

• Bringing Security to the Forefront of Application Development with SAP Fortify by HP

• SAP NetWeaver Application Server, add-on for code vulnerability analysis

• SAP Insider ‒ Start Your ABAP Applications on Solid Ground

Page 12: SAP Enterprise Application Security Solutions

Thank you