09-12-2007 7:51 PM
My company is planning on using third-party ABAP development services and because if this, a concern has been raised about the risk of malicious code being inserted into delivered code.
The question has been raised -- Is there a product that can scan ABAP code looking for known vulnerabilities? Any pointers or suggestions are appreciated.
Thanks in advance.
09-12-2007 9:04 PM
Hi Joseph,
Interesting question - I don't recall seeing anything on the market for this, though maybe someone in the ABAP forum may have a better idea.
A previous client in a similar situation went through code review to try and catch obvious stuff but that's not exactly infallible.
Good luck in finding a solution & let us know if you find anything.
Cheers
Alex
09-14-2007 3:53 PM
I've answered the same question on the asug.com site.
If you're an ASUG member, you can read the thread here:
Briefly, perhaps try transaction SCI.
Jim