Skip to Content

With SAP NetWeaver AS, add-on for code vulnerability analysis 7.5 scanning of ABAP sources for security weaknesses became even more easy. Allowing more systems to be scanned for even more types of defects, the new release is also more flexible and now can be deployed centrally.

Using the new central security scan support, customers are now able to overcome the release limitations of previous releases. Using this approach, only one SAP NetWeaver AS 7.5 basis system is required. Systems containing the code to be scanned can be releases down to SAP NetWeaver AS ABAP 7.00 (for details check SAP note 2190113).

The benefit of this approach is also, that in future an upgrade of the central scan system allows to use the latest checks also for all remote system.

Using an update scan engine, you can now analyze BSP pages and even navigate directly into the BSP sources to fix your web applications in case of security issues.

In addition, there were additional checks like checks to identify coding with insufficient authorization checks. You can find more details on the new and revised checks in SAP Note 1921820 – SAP NetWeaver AS, add-on for code vulnerability analysis – support package planning.

If you want to get more details, check our new roadmap https://service.sap.com/~sapidb/011000358700000256742014E.pdf on the SAP Service Market Place (SMP).
 

To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. Uwe Sodan

    Hi Patrick,

    Great news !

    can we add a tag CVA== Code Vulnerability Analyzer on it ?

    May be some people would search for news on the tool under this name and will not find it.

    Also where can an ABAP developer find the complete list of checks ?

    Uwe

    (0) 
    1. Patrick Hildenbrand Post author

      Hi Uwe,

      thanks for your question. I’ve added the tag CVA to the blog.

      The list of checks is always available in the system in the documentation to the checks. You can also find information on what changed in the note mentioned above.

      Kind regards,

      Patrick

      (0) 

Leave a Reply