SAP: Augmenting Fortify SCA with newly uncovered vulnerabilities
Speaker: Carsten Huth, HP
Attend this case study and learn how SAP, the third-largest software company in the world, rolled out HP Fortify Static Code Analyzer (SCA) in 2010 and 2011, and how SAP Development now uses it across the organization for static source-code analysis of its non-ABAP (Advanced Business Application Programming) code. We will show how the potential-attack information that SCA gave SAP improved source analysis, and how additional Fortify custom rules are helping SAP make sure its software is protected against newly discovered types of attack. The session will include examples of an HTTP verb-tampering exploit against the NetWeaver Java Application Server and of XML external entity (XXE) attacks.
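The abstract names HTTP verb tampering but does not explain the mechanism. The following is an added illustration, not code from the session, SAP or HP: a small Python model of Java EE web.xml security-constraint semantics (listing `<http-method>` elements restricts a constraint to exactly those verbs, and `HttpServlet.doHead()` delegates to `doGet()`), showing how a constraint that covers only GET and POST is bypassed with HEAD, and the configuration that closes the gap. The policy, paths and role names are constructed for the example; the model is of the servlet specification in general, not of NetWeaver's implementation.

```python
# Added example (not from the session or SAP/HP code): a minimal model of how an
# HTTP verb-tampering bypass works against web.xml-style security constraints,
# and the configuration that closes it. Names and sample policy are constructed.
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SecurityConstraint:
    """One <security-constraint> entry from a Java EE web.xml."""
    url_pattern: str                     # e.g. "/admin/*"
    roles: Set[str]                      # <auth-constraint> roles allowed in
    http_methods: Set[str] = field(default_factory=set)
    # Servlet-spec semantics: listing <http-method> elements restricts the
    # constraint to exactly those verbs; an empty list covers every verb.


def pattern_matches(pattern: str, path: str) -> bool:
    """Servlet-style URL matching for the two pattern forms used here."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern


def is_authorized(constraints: List[SecurityConstraint], method: str,
                  path: str, user_roles: Set[str]) -> bool:
    """Return True if the container lets the request reach the servlet."""
    for c in constraints:
        if not pattern_matches(c.url_pattern, path):
            continue
        if c.http_methods and method.upper() not in c.http_methods:
            # Verb not listed: this constraint does not apply, so the
            # container falls through and the request is allowed.
            continue
        return bool(c.roles & user_roles)
    return True  # no constraint applied: anonymous access is permitted


def dispatched_handler(method: str) -> str:
    """Which HttpServlet.doXxx method the container invokes for a verb."""
    m = method.upper()
    # HttpServlet's default doHead() calls doGet() and discards the body, so a
    # HEAD request executes the GET logic, including any side effects.
    if m in ("GET", "HEAD"):
        return "doGet"
    if m in ("POST", "PUT", "DELETE", "OPTIONS", "TRACE"):
        return "do" + m.capitalize()
    return "unsupported"  # unknown verbs get HTTP 501 from HttpServlet.service()


# Weak policy: only GET and POST to /admin/* require the admin role.
WEAK_POLICY = [SecurityConstraint("/admin/*", {"admin"}, {"GET", "POST"})]

# Hardened policy: no <http-method> list, so every verb is constrained.
HARDENED_POLICY = [SecurityConstraint("/admin/*", {"admin"})]


def verb_tampering_bypasses(constraints: List[SecurityConstraint],
                            path: str) -> List[str]:
    """Verbs an anonymous client can use to run the protected GET logic."""
    bypass = []
    for verb in ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"):
        if (is_authorized(constraints, verb, path, set())
                and dispatched_handler(verb) == "doGet"):
            bypass.append(verb)
    return bypass


if __name__ == "__main__":
    print("weak policy, anonymous bypass verbs:",
          verb_tampering_bypasses(WEAK_POLICY, "/admin/users"))
    print("hardened policy, anonymous bypass verbs:",
          verb_tampering_bypasses(HARDENED_POLICY, "/admin/users"))
```

With the weak policy, an anonymous HEAD to /admin/users passes the constraint check and still executes the servlet's doGet logic; with the hardened policy (no `<http-method>` list) every verb is covered and the request is rejected. In Servlet 3.1 and later, `<deny-uncovered-http-methods/>` in web.xml achieves the same effect without removing the method lists; a static-analysis custom rule for this class of bug would flag any `<security-constraint>` that enumerates methods without that element.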