Why SAP customers need DevSecOps now more than ever
Setting DevSecOps goals is a key component of aligning mission-critical application functionality with business needs. However, these goals create challenges for teams supporting SAP mission-critical applications. Faced with multiple technologies and architectures and a lack of unified development sets, SAP application developers handle changes through manual coding and change processes.
Errors in custom code can create quality, security, and compliance issues that impact application integrity and open the door to vulnerabilities. In fact, research shows there is more than one security or compliance issue per 1,000 lines of ABAP code, with a typical SAP environment averaging 2,150 issues. An analysis to find mistakes in SAP custom code should be mandatory but doesn’t always occur. Secure coding is seldom taught, and pre-production analysis is rare. This type of automated code analysis during development, or at least integration into the dev environment, is only used by a small set of SAP customers.
During this presentation, Onapsis CTE, Fred Weidermann, will explain why the DevSecOps process is core to continuous improvement in mission-critical applications. Perez-Etchegoyen will explain the steps needed to ensure SAP application availability, avoid costly repairs, eliminate downtime, establish a security baseline, and continuously monitor for misconfigurations and vulnerabilities.
Attend this session to understand how a robust DevSecOps process can:
- Help accelerate application delivery and key projects, such as SAP S/4HANA transformation and cloud migrations
- Find and fix security, compliance, and quality issues in custom code and transports that could impact performance, availability, and uptime
- Avoid critical issues that can result in delays or rework by checking code, transports, and package completion prior to release
- Analyze code, transports, configurations, and authorizations against established baselines throughout the SDLC
- Help continuously monitor for risks, suspicious activity, and other threats to ensure applications remain protected and compliant once in production