By implementing modern methods (such as agile software development) in creating their business applications, companies can accommodate the short-notice requirements of their internal and external customers in faster, more flexible ways. This in turn leads to shorter projects and lower costs in providing new applications and functions. On the other hand, failing to subject new or more established applications to sufficient security checks can expose a company to increased risks. Vulnerabilities in business applications can, after all, result in the loss or theft of sensitive data. This applies in particular to companies that develop many of their own applications or customize standard software.
"Software security is a major challenge in development projects," affirms Andreas Wiegenstein, CTO at Virtual Forge. "Very few teams succeed in writing secure and stable code while dealing with the pressures of staying on schedule." This statement is borne out by a Business Code Quality Benchmark Virtual Forge has compiled on over 200 SAP customer systems. "That's why companies use our CodeProfiler solution to scan all of their custom SAP ABAP developments for critical quality and security flaws. They can then immediately identify faulty code and correct it thanks to our innovative technologies, which can now be automated in many areas," Wiegenstein continues. "This protects our customers in terms of SAP software - but what happens with critical security holes in non-SAP applications that access critical data in SAP and other systems?"
In Wiegenstein's view, the importance of a given application's purpose is not necessarily as crucial as assessing its serious vulnerabilities in the intended area of use. If hackers could potentially exploit the holes in vulnerable web applications to gain access to a company's network and other critical systems, for example, the company's overall risk situation can be described as acute.
Such circumstances require an effective solution capable of keeping an eye on the company's entire application portfolio, evaluating serious vulnerabilities in a standardized fashion (independently of the development environment at hand), and tracking efforts to eliminate them. The Denim Group offering ThreadFix follows just such an approach.
ThreadFix is designed to aid a wide range of application and security managers in finding a common framework for prioritizing and eliminating software risks. They can then reach important security and quality milestones in their projects with optimal support from all of the application security management processes in place.
Along with its extensive integration of leading static and dynamic code-scanning solutions, ThreadFix is unique in the way it automatically collects, consolidates, and displays the results of scans in a standardized format. To facilitate the prioritization of vulnerabilities in customers' own SAP ABAP applications, for instance, the solution incorporates the findings produced by Virtual Forge CodeProfiler. ThreadFix thus offers a central overview of the risk situations in a variety of business applications and aids managers in making informed decisions.