PUBLIC
. Run Secure.
Protect Your Customers' Data from Cyberattacks
Andreas Gloege, SAP
October 2017
© 2017 SAP SE or an SAP affiliate company. All rights reserved.
Existing network and perimeter based security is insufficient

(Figure: backend systems)

84% of breaches exploit vulnerabilities in the application layer, yet the ratio of spending between perimeter security and application security is 23-to-1.
Source: Gartner Maverick Research, "Stop Protecting Your Apps; It's Time for Apps to Protect Themselves" (2014)
Security failures create big problems

(Figure: world's biggest data breaches and hacks, 2004 to 2017; source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/)

"92% of companies have experienced commercial consequences as a result of a data breach."
Source: Gemalto Breach Level Index, The Reality of Data Breaches in 2016
Your software is everywhere
How can you be sure your highly accessible applications are also highly secure?

Your software has a history:
• Grown over the years
• Complex
• Built on changing requirements
• Created based on different development paradigms
• Optimized for performance
• Extended, but not reinvented
It pays to discover issues prior to release
Identifying the critical bugs earlier in the lifecycle reduced costs by $2.3M USD*
*Source: OWASP, Application Security Guide for CISOs, November 2013

Today's approach is expensive and reactive.
The right approach is systematic and proactive.
SAP is in the business of securing our customers' business

Over 300,000 customers depend on SAP. From an attacker's standpoint, SAP is one of the most valuable applications to gain access to.

Since the start of the Application Security Initiative, SAP has performed static analysis on approximately 178 million lines of code using SAP Fortify by HPE.
Hybris is using SAP Fortify by HPE to scan the standard code SAP delivers to our customers.
SAP Product Development is using SAP CVA to scan more than 500 million lines of code for the standard products which are delivered to our customers.
Justin Somaini, SAP Chief Security Officer

• SAP on-premise software development systems: ~8,500
• SAP cloud development systems: ~500
• SAP internal business systems: ~40

"Technological advancement is outpacing security. If our digital economy is to thrive, our commitment to cybersecurity must match our commitment to innovation."
Source: Commission on Enhancing National Cybersecurity, Report on Securing and Growing the Digital Economy
End-to-end application security solution for SAP Hybris

Dynamic application security testing (find vulnerabilities in the running application):
• Manual application penetration testing
• Automated application vulnerability scanning

Static application security testing (find vulnerabilities by analyzing the sources):
• Automated source code analysis
• Manual source code review

Tools:
• SAP Fortify by HPE
• SAP NetWeaver Application Server, add-on for code vulnerability analysis (CVA), for the back-end ABAP system
• Management platform for governance, reporting, auditing, analysis
SAP Fortify integrates with CVA.

Finding security issues at design time instead of in production is easier and less expensive!
Build secure Hybris solutions from the start
Stay safe with application security testing: SAP Fortify by HPE and SAP Code Vulnerability Analyzer

Why SAP Fortify by HPE is the best choice to manage risk across your enterprise:
• Comprehensive: Full SDLC coverage, including SAST, DAST, IAST, and RASP. One of the strongest and most innovative SDLC integrations, with DevInspect and Security Assistant.
• Proven: With over a decade of successful deployments, and backed by the largest security research team.
• Leader: Since 2009, it has been a leader in Gartner's Magic Quadrant for Application Security Testing (AST).

Why SAP Code Vulnerability Analyzer is the best choice to manage risk across your ABAP applications:
• Leverage tools that are already integrated into the standard SAP ABAP development infrastructure for easy consumption – no additional installations required.
• Provide developers with extensive documentation to support speedy security fixes.
• Meet the compliance and automation requirements of your software quality assurance teams.

84% of breaches occur at the application layer.[1]
75% of mobile applications fail basic security tests.[2]
56% of weaknesses reveal information about applications, implementations, or users.[3]

Sources
1. "Cyber Risk Report 2013", HP Security Research, February 2014.
2. "2014 Gartner Magic Quadrant for Application Security Testing", Gartner, July 1, 2014.

(Figure: Fortify and CVA integration)
Thank you.
Contact information:
Andreas Gloege
Director, Quality and Security Assurance
SAP America, Inc.
Andreas.Gloege@sap.com

Deeper Dive Session in Focus Area: Technology
Session ID 53267
Thursday, October 19, 2017, 11:15 AM-12:15 PM, CC7.06 [474458]
Thursday, October 19, 2017, 3:00 PM-4:00 PM, CC7.05 [474456]
Build secure code from within – securing your code against cyberattacks
Abstract: A deeper dive of the Micro Theater session "Protect Your Customers' Data from Cyberattacks". More than 80 percent of successful breaches target vulnerabilities in the application layer, and here you will see demonstrations on how you can keep your code from being a statistic.
Today's approach is expensive and reactive
1. Somebody builds bad software: in-house, outsourced, commercial, or open source customization to SAP Hybris
2. IT deploys the bad software
3. Breach or pen test proves our code is bad
4. We convince and pay developers to fix it
It pays to discover issues prior to release

Cost of fixing vulnerabilities EARLY
Stage          Critical bugs identified   Cost of fixing one bug   Cost of fixing all bugs
Requirements   -                          $139                     -
Design         -                          $455                     -
Coding         200                        $977                     $195,400
Testing        -                          $7,136                   -
Production     -                          $14,102                  -
Total          200                                                 $195,400

Cost of fixing vulnerabilities LATER
Stage          Critical bugs identified   Cost of fixing one bug   Cost of fixing all bugs
Requirements   -                          $139                     -
Design         -                          $455                     -
Coding         -                          $977                     -
Testing        50                         $7,136                   $356,800
Production     150                        $14,102                  $2,115,300
Total          200                                                 $2,472,100

Identifying the critical bugs earlier in the lifecycle reduced costs by US$2.3 million: the same 200 bugs cost $195,400 when found in coding versus $2,472,100 when found in testing and production, a difference of $2,276,700.
Source: OWASP, Application Security Guide for CISOs, November 2013
The right approach is systematic and proactive
People – Process – Technology

1. Improve software development life cycle policies: embed security into the system development lifecycle (SDLC) process for all code, whether in-house, outsourced, commercial, or open source.
2. Leverage a security gate to validate the resiliency of internal or external code before production.
3. Protect software running in production through continuous validation.

This is application security and quality.
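Step 2, the security gate before production, as an added example that is not part of the deck and is not SAP Fortify or CVA code: a Python release gate that reads a scan report, blocks the release on any finding at or above a severity threshold, and honours only time-boxed exceptions, so an accepted risk expires and comes back as a finding instead of becoming permanent. The JSON report layout, the scanner name, the file paths and the four findings are constructed for the example; a real pipeline would feed the gate the export of whatever SAST or DAST tool it runs.

```python
"""Pre-production security gate over SAST/DAST findings (added example).

Not from the SAP deck, Fortify or CVA. The report format, scanner name and
findings below are constructed so the script runs offline.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Constructed report in a hypothetical JSON layout (not any real tool's export).
SAMPLE_REPORT = json.dumps({
    "scanner": "sast-example",
    "findings": [
        {"id": "F-1", "severity": "Critical", "category": "SQL Injection",
         "file": "storefront/CartController.java", "line": 88},
        {"id": "F-2", "severity": "High", "category": "Cross-Site Scripting",
         "file": "storefront/ReviewView.jsp", "line": 12},
        {"id": "F-3", "severity": "Medium", "category": "Information Leak",
         "file": "core/ErrorHandler.java", "line": 41},
        {"id": "F-4", "severity": "Low", "category": "Weak Randomness",
         "file": "core/Token.java", "line": 7},
    ],
})

# Severity ordering used by the gate policy.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass(frozen=True)
class Finding:
    id: str
    severity: str
    category: str
    location: str


@dataclass(frozen=True)
class GateResult:
    passed: bool
    blocking: tuple[Finding, ...]
    suppressed: tuple[Finding, ...]
    expired_exceptions: tuple[str, ...]


def parse_report(raw: str) -> list[Finding]:
    """Turn the constructed report JSON into Finding records; reject unknown severities."""
    doc = json.loads(raw)
    out = []
    for f in doc["findings"]:
        if f["severity"] not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {f['severity']!r} in {f['id']}")
        out.append(Finding(f["id"], f["severity"], f["category"], f"{f['file']}:{f['line']}"))
    return out


def evaluate_gate(findings, threshold="High", exceptions=None, today=None) -> GateResult:
    """Fail on any finding at or above `threshold` unless it has an unexpired exception.

    `exceptions` maps finding id -> expiry date (ISO string). An expired exception
    is reported and no longer suppresses the finding, so risk acceptance has to be
    renewed explicitly. `today` may be a date or an ISO string (defaults to now).
    """
    today = date.fromisoformat(today) if isinstance(today, str) else (today or date.today())
    exceptions = exceptions or {}
    blocking, suppressed, expired = [], [], []
    for f in findings:
        if SEVERITY_RANK[f.severity] < SEVERITY_RANK[threshold]:
            continue  # below the policy threshold: tracked, but not release-blocking
        expiry = exceptions.get(f.id)
        if expiry is not None and date.fromisoformat(expiry) >= today:
            suppressed.append(f)
        else:
            if expiry is not None:
                expired.append(f.id)
            blocking.append(f)
    return GateResult(not blocking, tuple(blocking), tuple(suppressed), tuple(expired))


def gate_report(result: GateResult) -> str:
    """Human-readable verdict for the pipeline log."""
    lines = ["GATE " + ("PASSED" if result.passed else "FAILED")]
    for f in result.blocking:
        lines.append(f"  BLOCK {f.id} {f.severity:8} {f.category} at {f.location}")
    for f in result.suppressed:
        lines.append(f"  ALLOW {f.id} {f.severity:8} {f.category} (accepted risk, time-boxed)")
    for fid in result.expired_exceptions:
        lines.append(f"  EXPIRED exception for {fid}: re-approval required")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    findings = parse_report(SAMPLE_REPORT)
    # Hypothetical accepted risk for F-2 with a far-future expiry; F-1 still blocks.
    result = evaluate_gate(findings, exceptions={"F-2": "2099-01-01"})
    print(gate_report(result))
    sys.exit(0 if result.passed else 1)
```

Run it as a pipeline step; a non-zero exit code fails the build. The expiry check is the part worth keeping: a suppression without a date is a permanent blind spot, while one with a date forces a named re-approval, which is what turns a one-off risk acceptance back into a finding before the next release.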
How to create a frictionless customer experience
 
The Perfect Store Execution (Picture of Success)
The Perfect Store Execution (Picture of Success)The Perfect Store Execution (Picture of Success)
The Perfect Store Execution (Picture of Success)
 
The Consumer-Driven Digital Economy: Creating value in a digital world where ...
The Consumer-Driven Digital Economy: Creating value in a digital world where ...The Consumer-Driven Digital Economy: Creating value in a digital world where ...
The Consumer-Driven Digital Economy: Creating value in a digital world where ...
 
How to create Magic Moments for your customers with Process Mining
How to create Magic Moments for your customers with Process MiningHow to create Magic Moments for your customers with Process Mining
How to create Magic Moments for your customers with Process Mining
 
Empower Store Associates with Mobile Apps to Reinvent the In-Store Experience
Empower Store Associates with Mobile Apps to Reinvent the In-Store ExperienceEmpower Store Associates with Mobile Apps to Reinvent the In-Store Experience
Empower Store Associates with Mobile Apps to Reinvent the In-Store Experience
 
Unleash Your B2X Potential with Flieger Plug & Play Based on SAP Hybris Solut...
Unleash Your B2X Potential with Flieger Plug & Play Based on SAP Hybris Solut...Unleash Your B2X Potential with Flieger Plug & Play Based on SAP Hybris Solut...
Unleash Your B2X Potential with Flieger Plug & Play Based on SAP Hybris Solut...
 
Data-Driven Desicision-Making with Mindray Medical International Co.
Data-Driven Desicision-Making with Mindray Medical International Co.Data-Driven Desicision-Making with Mindray Medical International Co.
Data-Driven Desicision-Making with Mindray Medical International Co.
 
Protect Sponsorship Business Value by Measuring What You Pay For
Protect Sponsorship Business Value by Measuring What You Pay ForProtect Sponsorship Business Value by Measuring What You Pay For
Protect Sponsorship Business Value by Measuring What You Pay For
 
Monetizing Microsoft High Volume Revenue using SAP Hybris Billing
Monetizing Microsoft High Volume Revenue using SAP Hybris BillingMonetizing Microsoft High Volume Revenue using SAP Hybris Billing
Monetizing Microsoft High Volume Revenue using SAP Hybris Billing
 
Grupo DIA advancing digital transformation
Grupo DIA advancing digital transformationGrupo DIA advancing digital transformation
Grupo DIA advancing digital transformation
 
Grupo DIA advancing digital transformation
Grupo DIA advancing digital transformationGrupo DIA advancing digital transformation
Grupo DIA advancing digital transformation
 
Fuel Trusted Customer Relationships with Personalization, Preference & Privacy
Fuel Trusted Customer Relationships with Personalization, Preference & PrivacyFuel Trusted Customer Relationships with Personalization, Preference & Privacy
Fuel Trusted Customer Relationships with Personalization, Preference & Privacy
 
Explore the Impact of AI on E-Commerce
Explore the Impact of AI on E-CommerceExplore the Impact of AI on E-Commerce
Explore the Impact of AI on E-Commerce
 
Improve Customer Experience in the Cognitive and 5G Era
Improve Customer Experience in the Cognitive and 5G EraImprove Customer Experience in the Cognitive and 5G Era
Improve Customer Experience in the Cognitive and 5G Era
 

Protect Your Customers' Data from Cyberattacks

• 1. Protect Your Customers' Data from Cyberattacks. Andreas Gloege, SAP, October 2017. Run Secure.
• 7. SAP is in the business of securing our customers' business
   Over 300,000 customers depend on SAP. From an attacker's standpoint, SAP is one of the most valuable applications to gain access to.
   Since the start of the Application Security Initiative, SAP has performed static analysis on approximately 178 million lines of code using SAP Fortify by HPE. Hybris is using SAP Fortify by HPE to scan the standard code SAP delivers to our customers. SAP Product Development is using SAP CVA to scan more than 500 million lines of code for the standard products which are delivered to our customers.
   (Justin Somaini, SAP Chief Security Officer)
   Scanned landscape: SAP on-premise software development systems ~8,500; SAP internal business systems ~40; SAP cloud development systems ~500.
   © 2017 SAP SE or an SAP affiliate company. All rights reserved.
• 8. "Technological advancement is outpacing security. If our digital economy is to thrive, our commitment to cybersecurity must match our commitment to innovation."
   Source: Commission on Enhancing National Cybersecurity, Report on Securing and Growing the Digital Economy
• 9. End-to-end application security solution for SAP Hybris
   Dynamic application security testing (DAST): find vulnerabilities in the running application
     • Manual application penetration testing
     • Automated application vulnerability scanning
   Static application security testing (SAST): find vulnerabilities by analyzing the sources
     • Automated source code analysis
     • Manual source code review
   Tooling: SAP Fortify by HPE, plus the SAP NetWeaver Application Server add-on for code vulnerability analysis (CVA) for the back-end ABAP system. SAP Fortify integrates with CVA; a management platform provides governance, reporting, auditing and analysis.
   Finding security issues at design time instead of in production is easier and less expensive.
• 10. Build secure Hybris solutions from the start: stay safe with application security testing (SAP Fortify by HPE and SAP Code Vulnerability Analyzer)
   Why SAP Fortify by HPE is the best choice to manage risk across your enterprise:
     • Comprehensive: full SDLC coverage, including SAST, DAST, IAST and RASP. One of the strongest and most innovative SDLC integrations, with DevInspect and Security Assistant.
     • Proven: over a decade of successful deployments, backed by the largest security research team.
     • Leader: since 2009, a leader in Gartner's Magic Quadrant for Application Security Testing (AST).
   Why SAP Code Vulnerability Analyzer is the best choice to manage risk across your ABAP applications:
     • Leverage tools that are already integrated into the standard SAP ABAP development infrastructure for easy consumption; no additional installations required.
     • Provide developers with extensive documentation to support speedy security fixes.
     • Meet the compliance and automation requirements of your software quality assurance teams.
   84% of breaches occur at the application layer.[1] 75% of mobile applications fail basic security tests.[2] 56% of weaknesses reveal information about applications, implementations, or users.[3]
   Sources: 1. "Cyber Risk Report 2013", HP Security Research, February 2014. 2. "2014 Gartner Magic Quadrant for Application Security Testing", Gartner, July 1, 2014.
   Diagram: Fortify and CVA integration.
• 11. Thank you.
   Contact: Andreas Gloege, Director, Quality and Security Assurance, SAP America, Inc., Andreas.Gloege@sap.com
   Deeper dive session in focus area Technology, Session ID 53267: "Build secure code from within – securing your code against cyberattacks"
     • Thursday, October 19, 2017, 11:15 AM–12:15 PM, CC7.06 [474458]
     • Thursday, October 19, 2017, 3:00 PM–4:00 PM, CC7.05 [474456]
   Abstract: A deeper dive of the Micro Theater session "Protect Your Customers' Data from Cyberattacks". More than 80 percent of successful breaches target vulnerabilities in the application layer, and here you will see demonstrations on how you can keep your code from being a statistic.
   Run Secure.
• 12. Today's approach is expensive and reactive
   1. Somebody builds bad software (in-house, outsourced, commercial, open source; customization to SAP Hybris).
   2. IT deploys the bad software.
   3. A breach or a pen test proves our code is bad.
   4. We convince and pay developers to fix it.
• 13. Today's approach is expensive and reactive: it pays to discover issues prior to release
   Cost of fixing vulnerabilities EARLY
   Stage          Critical bugs identified   Cost of fixing one bug   Cost of fixing all bugs
   Requirements   -                          $139                     -
   Design         -                          $455                     -
   Coding         200                        $977                     $195,400
   Testing        -                          $7,136                   -
   Production     -                          $14,102                  -
   Total          200                                                 $195,400

   Cost of fixing vulnerabilities LATER
   Stage          Critical bugs identified   Cost of fixing one bug   Cost of fixing all bugs
   Requirements   -                          $139                     -
   Design         -                          $455                     -
   Coding         -                          $977                     -
   Testing        50                         $7,136                   $356,800
   Production     150                        $14,102                  $2,115,300
   Total          200                                                 $2,472,100

   Identifying the critical bugs earlier in the lifecycle reduced costs by US$2.3 million.
   Source: OWASP, Application Security Guide for CISOs, November 2013
• 14. It pays to discover issues prior to release (chart of the same data): identifying the critical bugs earlier in the lifecycle reduced costs by $2.3M USD.
   Source: OWASP, Application Security Guide for CISOs, November 2013
• 15. The right approach is systematic and proactive: people, process, technology
   This is application security and quality.
   1. Improve software development life cycle policies: embed security into the system development lifecycle (SDLC) process for in-house, outsourced, commercial and open-source code.
   2. Leverage a security gate to validate the resiliency of internal or external code before production.
   3. Protect software running in production through continuous validation.
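One concrete shape for the "security gate before production" on the slide above, written here as an added example rather than SAP's, Fortify's or CVA's own code. The gate reads a scanner report, fails the release on any finding at or above an agreed severity, and honours reviewer waivers only until they expire, so accepted risk is re-examined instead of forgotten. The JSON report schema, the baseline/waiver format, the rule names, file paths, snippets and dates are all constructed for the illustration and are not a vendor output format.

```python
"""Release security gate: fail the pipeline when a scanner report contains
findings at or above a severity threshold, unless a reviewer has waived the
exact finding and the waiver has not expired.

Added example; the report schema and baseline format are assumptions for
illustration, not the output format of SAP Fortify or the Code Vulnerability
Analyzer."""
import hashlib
import json
from dataclasses import dataclass
from datetime import date

# Severity order used by the gate; a finding at or above the threshold blocks.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    path: str
    line: int
    snippet: str

    @property
    def fingerprint(self) -> str:
        # Hash rule, file and the offending code, not the line number, so an
        # edit elsewhere in the file neither invalidates a waiver nor lets a
        # finding "move" past the gate.
        material = "|".join([self.rule, self.path, " ".join(self.snippet.split())])
        return hashlib.sha256(material.encode()).hexdigest()[:16]


def parse_report(text: str) -> list[Finding]:
    """Parse the (assumed) JSON report schema and drop duplicate findings."""
    seen: dict[str, Finding] = {}
    for raw in json.loads(text)["findings"]:
        sev = raw["severity"].lower()
        if sev not in SEVERITY_RANK:
            # Fail closed: an unknown severity must not silently pass the gate.
            raise ValueError(f"unknown severity {sev!r} in rule {raw['rule']}")
        f = Finding(raw["rule"], sev, raw["path"], int(raw["line"]), raw["snippet"])
        seen.setdefault(f.fingerprint, f)  # keep the first report of a finding
    return list(seen.values())


@dataclass
class GateResult:
    blocking: list[Finding]
    waived: list[Finding]
    expired_waivers: list[str]

    @property
    def passed(self) -> bool:
        return not self.blocking


def evaluate_gate(findings, baseline, threshold="high", today=None) -> GateResult:
    """baseline maps fingerprint -> {"reviewer": ..., "expires": "YYYY-MM-DD"}.
    A waiver past its expiry date no longer counts; the finding blocks again."""
    today = today or date.today()
    blocking, waived, expired = [], [], []
    for f in findings:
        if SEVERITY_RANK[f.severity] < SEVERITY_RANK[threshold]:
            continue  # below the agreed bar: reported, not blocking
        waiver = baseline.get(f.fingerprint)
        if waiver and date.fromisoformat(waiver["expires"]) >= today:
            waived.append(f)
        else:
            if waiver:
                expired.append(f.fingerprint)
            blocking.append(f)
    blocking.sort(key=lambda f: (-SEVERITY_RANK[f.severity], f.rule, f.path))
    return GateResult(blocking, waived, expired)


# Constructed sample report: five raw findings, one of them a duplicate.
SAMPLE_REPORT = json.dumps({"findings": [
    {"rule": "sql_injection", "severity": "Critical", "path": "src/order/OrderDao.java",
     "line": 88, "snippet": 'stmt.execute("SELECT * FROM orders WHERE id=" + id)'},
    {"rule": "sql_injection", "severity": "Critical", "path": "src/order/OrderDao.java",
     "line": 91, "snippet": 'stmt.execute("SELECT * FROM orders WHERE id=" + id)'},
    {"rule": "weak_hash", "severity": "High", "path": "src/auth/Legacy.java",
     "line": 12, "snippet": 'MessageDigest.getInstance("MD5")'},
    {"rule": "hardcoded_credential", "severity": "High", "path": "src/batch/Job.java",
     "line": 40, "snippet": 'String password = "changeme";'},
    {"rule": "reflected_xss", "severity": "Medium", "path": "src/web/Search.java",
     "line": 23, "snippet": 'out.println(request.getParameter("q"))'},
]})


def _fp(rule, path, snippet):
    return Finding(rule, "info", path, 0, snippet).fingerprint


# Constructed baseline: one current waiver, one that lapsed before the release.
SAMPLE_BASELINE = {
    _fp("weak_hash", "src/auth/Legacy.java", 'MessageDigest.getInstance("MD5")'):
        {"reviewer": "appsec-lead", "expires": "2018-03-31"},
    _fp("hardcoded_credential", "src/batch/Job.java", 'String password = "changeme";'):
        {"reviewer": "appsec-lead", "expires": "2017-06-30"},
}


def run_sample(threshold: str = "high") -> GateResult:
    # Gate date fixed (the deck's session date) so the example is reproducible.
    return evaluate_gate(parse_report(SAMPLE_REPORT), SAMPLE_BASELINE,
                         threshold, today=date(2017, 10, 19))


if __name__ == "__main__":
    result = run_sample()
    for f in result.blocking:
        print(f"BLOCK {f.severity:8} {f.rule:22} {f.path}:{f.line}")
    for f in result.waived:
        print(f"WAIVE {f.severity:8} {f.rule:22} {f.path}:{f.line}")
    raise SystemExit(0 if result.passed else 1)
```

Run as a pipeline step, the non-zero exit code is what stops the deployment. Two design points matter in practice: the fingerprint deliberately ignores line numbers, because line-based waivers break on every unrelated edit and invite blanket re-waiving, and waivers carry an expiry and a reviewer so the gate produces an auditable record of accepted risk rather than a silently growing ignore list.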