The Onapsis Blog


Plan To Scan: Cleanse Your Code and Reduce SAP Digital Transformation Project Costs



Digital transformation projects are top of mind for enterprises. In fact, 91% of businesses are currently engaged in some form of digital initiative.[1] Yet the average cost of a failed, delayed, or scaled-back digital transformation project is more than $4 million.[2] One of the most challenging components of digital transformation is migrating custom code applications to S/4HANA, cloud, or RISE with SAP. In a recent survey, 92% of organizations considered existing customizations as problematic to their path to S/4HANA.[3]

A plan for these migration projects should include three key components to keep projects on budget and on time:

  • Identify the relevant custom code applications
  • Plan how to scan the code to ensure you don’t bring vulnerabilities into your new environment 
  • Decide how it will be securely migrated


Audit Your SAP Custom Code

Performing an application audit to decide which code to migrate is crucial because migrating code that may be decades old can be risky. Legacy code may have been tested with a manual, error-prone process or perhaps not tested at all. Former employees may have left vulnerabilities behind which could compromise organizational integrity. For example, imagine a financial report that still routes to a former employee's personal email address when the code is executed.

But finding and fixing legacy code defects prior to migration is a project of massive scale. We at Onapsis have found that our customers' SAP environments contain anywhere from 2 million to 100 million lines of custom code. Not surprisingly, a recent survey of IT professionals from organizations undergoing SAP S/4HANA transformations noted that analyzing and migrating custom code and data is their biggest challenge.[4] Organizations need an automated, accelerated way to remediate bulk code issues, so that those issues don’t inhibit migration project timelines or impact budgets.

But even if code has been “cleaned”, its transport can still be compromised. It is critical to prevent custom code from having a negative impact on new production systems. The most important requirement is the right technology to ensure the change and workflow management process is done correctly. Workflow tools that scan at both the transport and code levels must be integrated into the process so that both code and transport risks can be identified well before import into production. Failure to do this can inadvertently result in accepting changes that contain vulnerabilities and put new systems at risk.


Solve Challenges with Onapsis Control

Onapsis solves these challenges. We provide the application-level security needed for successful digital transformation. Teams using our automated custom code analysis are able to reduce review time by 70%, ensuring timely projects. The ability to “clean” code and establish a security baseline means a reduction of costly errors in new production systems.

With Onapsis Control, you can automatically check custom code for security, compliance, and performance issues. Our robust test cases and multi-scanning engine give you a comprehensive understanding of potential vulnerabilities in your code, including third-party code development. You can identify and automatically remediate code issues within legacy applications in preparation for migration. This includes our one-click fix functionality, which enables automatic remediation of up to 50% of the most common code errors and lets your team shift time away from repetitive, manual fixes toward getting your custom code projects out more quickly.

Control can even help identify unused code that can be removed to reduce the complexity of the migration. Bring only the custom code you need into your new systems. This not only accelerates the migration process, it also means easier, faster scans during future development phases in your new environment.

Onapsis Control not only helps clean up your code and establish a security baseline, but it also ensures your transports are securely migrated into your new environment. Onapsis integrates a detailed security scanning and approval tool into change management tools. This lets information about code and transport changes be viewed at a detailed per-finding level, by the entire team. It also captures all change management communication and documentation about every change and enables automatic notifications. 

Onapsis has been in the business of protecting critical ERP systems since 2009 and is the only ERP-focused solution recognized by the Gartner Magic Quadrant for application security testing, so we know firsthand how challenging secure development for SAP applications can be. We understand that when planning your code migration project, whether for an S/4HANA transformation, cloud migration, or SAP RISE initiative, it is critical to scan all your code and remediate vulnerabilities to reduce risk. Make Onapsis a part of your plan. To learn more, contact us for a demo.





[4] Robert Holland, "Deployment Approaches to SAP S/4HANA," SAP Insider Benchmark Report, July 2022.
