APPLICATION SECURITY MANAGEMENT

Application Security Management with ThreadFix


How to efficiently identify and remediate critical vulnerabilities in SAP and other Business Applications

Agenda

- Why measure the effectiveness of your Application Security
- Unified Platform
- Demo:
  - Virtual Forge - Code Profiler
  - Checkmarx - CxSAST
  - ThreadFix
- Q&A


Why measure the effectiveness of your Application Security

- The state of Application Security
- Why traditional tactics of Application Security Management fail
- The need to orchestrate tons of security tools for different purposes


A unified platform to manage risks in your business applications

Checkmarx and Virtual Forge provide customers with a feasible solution based on ThreadFix:

- Developed by experienced security practitioners
- Combines reports from different code scanners
- Provides a landscape-wide overview
- Easy control and monitoring of effort, timelines and achievements
- Common Weakness Enumeration (CWE)
- Free Community Version available


Integration of CodeProfiler and CxSAST into ThreadFix

- Manage your findings from one common platform
- CWE Standard Ratings and Certified Integration

Source: ThreadFix by Denim Group


DEMO

Key Takeaways

You have seen how you can:

- Scan your SAP and other business applications for code vulnerabilities using CodeProfiler and Checkmarx
- Control and monitor the project's overall application security state
- Evaluate and prioritize the vulnerabilities found
- Track the remediation of vulnerabilities with ThreadFix


Next Steps?

- Download the free ThreadFix Community Edition at www.threadfix.org
- Sign up for the free SAP Risk Assessment at www.virtualforge.com
- Sign up for a free secure code analysis by Checkmarx's CxSAST at www.checkmarx.com


Disclaimer

© 2015 Virtual Forge GmbH. All rights reserved. Information contained in this publication is subject to change without prior notice. These materials are provided by Virtual Forge and serve only as information. SAP, ABAP and other named SAP products and services as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries worldwide. All other names of products and services are trademarks of their respective companies. The information in the text is approximate and is only for information.

Virtual Forge accepts no liability or responsibility for errors or omissions in this publication. From the information contained in this publication, no further liability is assumed. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of Virtual Forge GmbH, Germany or Virtual Forge Inc., Philadelphia. The General Terms and Conditions of Virtual Forge apply.

© 2015 Virtual Forge | www.virtualforge.com | All rights reserved.
