ERPScan has released a new SaaS solution to protect SAP environments from customization issues. The new solution combines the ERPScan Security Monitoring Suite engine and new technologies developed ERPScan.
ERPScan's SAP Code Security SaaS provides the ability to upload a program code from their SAP Systems into ERPScan's cloud platform. Users receive a list of identified issues as well as a solution consisting of corrected code parts, alternative remediation fragments, and Virtual Patching for any detected vulnerability, which can be then imported into IPS systems from Cisco, CheckPoint, Fortinet, or any other vendor.
The current solution can identify 130 types of issues in Custom code of ABAP-based applications and detect such issues as:
- Software vulnerabilities (e.g. Directory traversal or SQL Injections), which can be exploited by cybercriminals.
- Backdoors, which developers can inject to conduct malicious actions, such as changing bank account numbers.
- Access control violation, i.e. fragments of code where developers have missed to implement access check for particular critical functions.
- Obsolete statements or statements, which were restricted to use by SAP. Such issues may affect operations during updates or migration.
The company offers three levels of services: Standard, Enterprise, and Ultimate which offer differing levels of service.