3003: SAP: Augmenting Fortify SCA with newly uncovered vulnerabilities

Document created by tinacostilla on Sep 14, 2012. Last modified by tinacostilla on Jul 8, 2014. Version 2.

Speaker: Carsten Huth, HP

Attend this case study and learn how SAP—the third-largest software company in the world—rolled out HP Fortify Static Code Analyzer (SCA) in 2010 and 2011, and how SAP Development is now using it throughout the organization for static source-code analysis of non-ABAP (Advanced Business Application Programming) languages. We’ll show you how the potential attack information that SCA gave SAP improved source analysis and how additional Fortify custom rules are helping SAP make sure that software is protected against newly discovered types of attack. The session will include examples of an HTTP verb-tampering exploit on NetWeaver Java Application Server and external entity attacks on XML.

 
