German software house SAP has licensed code-checking software from Virtual Forge to help companies test and secure code written in the high-level Abap programming language, part of SAP's NetWeaver suite.
In a statement, SAP said Codeprofiler was the first product for static analysis of Abap applications with a specific focus on security and compliance tests.
Codeprofiler uses data- and control-flow analysis at up to 5,000 lines of source code per second to deliver quick, reliable results, the company said.
Gunter Bitz, who is responsible for quality assurance at SAP, said SAP was using Codeprofiler internally alongside SAP's own Checkman tool.
"With Codeprofiler, SAP customers can systematically verify the entire Abap source code of their self-developed code on security and compliance weaknesses," he said. "For security tests, complete coverage is important, as an intruder can infiltrate a system through one single weak point.
Virtual Forge CEO Andreas Wiegenstein said Codeprofiler systematically examined authorisation checks, access to sensitive tables or usage of critical functions in the standard SAP software to reduce the risk of running insecure code.