Establish better DevSecOps for SAP and accelerate RISE projects with the most comprehensive application security testing available for SAP. With automated code scans supporting more languages, platforms, and IDEs than any other vendor, Control keeps SAP application development moving and mitigates unexpected, costly delays.
Organizations are increasingly focused on hardening their applications against attack, starting with the development process. Research [1] demonstrated a 400% increase in ransomware incidents that involved compromising SAP systems and data at victims' organizations within three years. This increased threat level is especially concerning because these business-critical SAP applications contain highly valuable corporate data. SAP applications are at the core of large enterprises, supporting the critical and essential operations of the business.
These applications are also at the core of digital transformation projects, such as RISE with SAP. Analyzing and migrating custom code and data from legacy systems is a headache for developers seeking to migrate code, applications, and systems to the cloud. And building security into the software development lifecycle for SAP custom applications remains a challenge as well. Manual reviews, which are highly prone to error, are often used due to a lack of automated testing solutions for SAP code languages and environments.
The accelerated pace of these digital transformation projects also forces teams to attempt to balance speed and security, with security frequently tabled in order to meet abbreviated project timelines. Tight development cycles lead to the use (and re-use) of third-party code libraries and developers. However, with little visibility here as well, organizations are forced into even more manual reviews (if any are done at all) to stop the introduction of new security issues.
Onapsis Control Central addresses these challenges by delivering the most comprehensive, award-winning application security testing available for SAP. With the broadest support for platforms, languages, integrated development environments (IDEs), Git repositories, and technology integrations, Control Central seamlessly integrates into developers’ existing workflows, scanning code and automatically fixing common issues. Bulk scanning of code from various sources (internal teams, partners, etc.) ensures consistent security and further helps accelerate and de-risk RISE with SAP projects.
“Onapsis helps us gain deeper visibility into code and transport vulnerabilities so we can prioritize our mitigation efforts and reduce risk to our systems.”
Director SAP Application Development, Fortune 100 Manufacturing Company
How Onapsis Control Central Works
Centrally deployed and managed, Onapsis Control Central works by scanning satellite systems to inspect code directly within integrated development environments (IDEs) or code repositories. Control Central can scan code inline as developers work, in large batch scans of projects, packages, or repositories, or embedded within your change management and transport processes. With a focus on vulnerable, insecure code, Control Central leverages extensive test cases across multiple domains based on the best practices and in-depth security analysis and research of SAP applications from the Onapsis Research Labs.
Millions of lines of code can be automatically scanned in minutes, and remediation guidance is provided to keep pace with accelerated development cycles. You can leverage automatic bulk code identification and developer capabilities to resolve code errors.
Security And Compliance
Onapsis’ highest priority is the security of our software and the confidentiality, integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited third-party auditing companies that have audited our SDLC process, and we have the following certifications: ISO 9001, ISO 20243:2018, ISO 27001:2013, SOC 1 Type 1/2, SOC 2 Type 1/2, and Veracode Verified Program. Our product design and development requirements follow the OWASP ASVS v4 framework or other industry-standard guidelines.
Onapsis Professional Services
Achieve your business objectives at every stage of your journey. Onapsis’ comprehensive professional services offerings target:
Implementation: A paired delivery approach to accelerate time-to-value
Education: Knowledge for teams to successfully operate our platform
Optimization: Enable continuous improvement and alignment to business needs
Administration: Alleviate resource constraints
Onapsis Research Labs
The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting mission-critical applications from SAP, Oracle, and SaaS providers. They have discovered over 1,000 zero-day vulnerabilities, and multiple critical global CERT alerts have been based on their novel research. Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations, and pre-patch protection ahead of scheduled vendor updates.
Licensing
Onapsis Control Central offers extensive flexibility in licensing, allowing organizations to customize their Control Central package based on targets, landscape, and preferred languages. All licenses are available as annual subscriptions based on the number of target systems. Subscriptions include access to all updates available for the respective software license, technical support, and a dedicated account manager.
Expand and enhance your Control Central deployment with the following premium capability:
On Change Control
Licensed as an annual subscription based on the number of target systems, it provides a detailed security scanning and approval framework for change management that integrates with SAP® ChaRM. It offers a single view of detailed security scans, approvals, and notes related to system changes in addition to improving approval and process workflows with automatic notifications, secondary approvals, and more.
The Onapsis Platform
Onapsis Control is one-third of the Onapsis Platform. The Platform provides complete attack surface management for ERP landscapes, focused on business-critical application security that directly targets interconnected risk: vulnerability management, threat monitoring, compliance automation, and application security testing.
Onapsis is proud to be an Oracle partner and the only application security and compliance vendor invited to the SAP Endorsed Apps Program.

