Apparatus and method for detecting, prioritizing and fixing security defects and compliance violations in SAP® ABAP™ code
US8402547B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 11, 2011 |
| Grant date | Mar 19, 2013 |
| Priority date | — |
| Expiry date | Aug 26, 2031 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1416
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A static code analysis (SCA) tool, apparatus and method detects, prioritizes and fixes security defects and compliance violations in SAP® ABAP™ code. The code, meta information and computer system configuration settings are transformed into an interchangeable format, and parsed into an execution model. A rules engine is applied to the execution model to identify security and compliance violations. The rules engine may include information about critical database tables and critical SAP standard functions, and the step of applying the rules engine to the execution model may include the calculation of specific business risks or whether a technical defect has a business-relevant impact. In particular, an asset flow analysis may be used to determine whether critical business data is no longer protected by the computer system. Such critical business data may include credit or debit card numbers, financial data or personal data.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.