Extend DevSecOps to your SAP ABAP applications. A centralized policy engine enables streamlined deployment and management. Step-by-step remediation instructions and integrations with SAP ABAP developer tools accelerate time to issue identification and remediation.
Organizations are implementing a greater focus on hardening their applications against attack, starting with the development process. A recent survey1 noted that 74% of security professionals have already “shifted left” (i.e., extended security earlier in development cycles) or plan to in the next three years. This shift is particularly important for business-critical applications such as those from SAP since they contain highly valuable corporate data. SAP applications are frequently at the core of large enterprise organizations, supporting the financial, HR, supply chain, sales, ERP, and customer processes needed to function as a global business.
These applications are also at the core of digital transformation projects, such as the shift to SAP S/4HANA. Analyzing and migrating custom code and data from legacy systems is a headache for developers seeking to migrate code, applications, and systems to the cloud. And building security into the software development lifecycle for SAP custom applications remains a challenge as well. Manual reviews, which are highly prone to error, are often used due to a lack of automated testing solutions for SAP code languages and environments.
The accelerated pace of these digital transformation projects also forces teams to attempt to balance speed and security…with security frequently tabled in order to meet abbreviated project timelines. Tight development cycles lead to the use (and re-use) of third-party code libraries and developers. However, with little visibility here as well, organizations are forced into even more manual reviews (if at all) to stop the introduction of new security issues.
Onapsis Control Central addresses these challenges with comprehensive application security testing for SAP ABAP custom applications throughout development. With a centralized architecture for automated assessments, integrations with SAP development environments and change management, and step-by-step remediation instructions, Control Central helps teams rapidly identify and fix issues before they negatively impact production.
“Onapsis helps us gain deeper visibility into code and transport vulnerabilities so we can prioritize our mitigation efforts and reduce risk to our systems.”
– Director SAP Application Development, Fortune 100 Manufacturing Company
How Onapsis Control Central Works
Onapsis Control Central works by scanning systems and inspecting code directly within development environments. Control Central leverages extensive test cases based on best practices and in-depth security analysis and research of SAP applications from the Onapsis Research Labs. Millions of lines of code can be automatically scanned in minutes, and remediation guidance is provided to keep pace with accelerated development cycles.
Security And Compliance
Onapsis’ highest priority is the security of our software and the confidentiality, integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited, third-party, auditing companies who have audited our SDLC process and we have the following certifications: ISO 9001, ISO 20243:2018, ISO 27001:2013, SOC 1 Type 1/2, SOC 2 Type 1/2, and Veracode Verified Program. Our product design and development requirements follow the OWASP ASVA v4 framework or other industry standard guidelines.
Onapsis Professional Services
Achieve your business objectives at every stage of your journey. Onapsis’ comprehensive professional services offerings target:
Implementation: A paired delivery approach to accelerate time-to-value
Education: Knowledge for teams to successfully operate our platform
Optimization: Enable continuous improvement and alignment to business needs
Administration: Alleviate resource constraints
Onapsis Research Labs
The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting mission critical applications from SAP, Oracle, and SaaS providers. They have discovered over 1,000 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research. Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations and pre-patch protection ahead of scheduled vendor updates.
Licensing
Onapsis Control Central is licensed as an annual subscription based on the number of target systems. Subscription includes access to all updates available for the respective software license, technical support, and a dedicated account manager.
Expand and enhance your Control Central deployment with additional premium capabilities:
- On Change Control: Licensed as an annual subscription based on the number of target systems, it provides a detailed security scanning and approval framework for change management that integrates with SAP CHaRM. It offers a single view of detailed security scans, approvals, and notes related to system changes in addition to enabling automatic notifications to improve workflows.
- Control for Transports: Licensed as an annual subscription based on the number of target systems, it provides the ability to check development objects, system settings, application configuration, and data within SAP transports for vulnerabilities. Step-by-step remediation instructions identify flawed transport requests and help prevent costly production errors as well as reduce the risk of system downtime.
The Onapsis Platform
Onapsis Control is one-third of the Onapsis Platform. The Platform provides complete attack surface management for ERP landscapes, focused on business-critical application security that directly target interconnected risk – vulnerability management, threat monitoring, compliance automation, and application security testing.
Onapsis is proud to be an Oracle partner and the only application security and compliance platform invited to the SAP Endorsed Apps Program.
