Integrate Security into the Development of SAP HANA Applications (PDF file, 2017-03-16)
Powered by Virtual Forge Solutions:
Integrate Security into the Development of SAP HANA Applications
Introduction
Dr. Yun Ding
Product Owner and Developer of CodeProfiler for HANA
Many years of practical experience in security engineering and software development
High performance computing and distributed systems
Practical cryptographic systems
Secure programming in Java and C
Developing SAP HANA applications is challenging
New programming languages: SQLScript, XSJS JavaScript, SAPUI5, Node.js, …
New development environments: SAP HANA Studio, Web IDE, …
CodeProfiler for SAP HANA (CP4H)
Detects software errors in early stages of development: reduces cost to repair defects
Integrates into different stages of development lifecycle
Currently scans SQLScript and XSJS JavaScript
Integrated into Eclipse and SAP HANA Studio
Poll question 1
Which languages are most important for your HANA applications?
o SQLScript
o XSJS JavaScript
o SAPUI5
o Node.js
o Others
Poll question 2
Which development environment do you use?
o Eclipse + SAP HANA Tools
o SAP HANA Studio
o SAP HANA Web-based Development Workbench
o SAP Web IDE Personal Edition
o SAP Web IDE for SAP HANA
Components of CodeProfiler 4 HANA
[Figure: development lifecycle stages (Requirement, Design, Implementation, Testing, Transition, Maintenance) with the CP4H components: Eclipse plugin, Batch Scanner, Finding Manager, Transport Management System Integration]
Architecture
[Figure: architecture diagram. Components: Eclipse Plugin, Batch Scanner, HANA Server, Finding Manager, TMS Integration. Connection labels: export HANA packages, upload scan results, query scan results]
CP4H Eclipse Plugin
“Spell check” in Eclipse editor (Luna, Mars, Neon)
Automatically scans single files
Instant feedback
Recursively scans multiple complete HANA packages
Creates PDF reports
CP4H Batch Scanner
Repeated scanning of a large number of HANA systems from the console
GUI for building the configuration file
Exports scan results in PDF, XML, CSV, …
Uploads scan results to Finding Manager
CP4H Batch Scanner
HTTPS connections to HANA servers
CP4H Batch Scanner
Encrypts plaintext credentials in the configuration with password-based encryption (PBKDF2)
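Added example (not Virtual Forge's code and not a description of how CP4H implements this): one way to replace a plaintext credential in a configuration file with a PBKDF2-protected record, using Node.js built-in crypto. The record layout, the AES-256-GCM cipher, the iteration count and all names are assumptions made for illustration.

```javascript
// Added example: password-based encryption of one credential in a scanner
// configuration. Field names, cipher choice and parameters are assumptions.
const crypto = require('node:crypto');

const KDF = { iterations: 600000, keyLen: 32, digest: 'sha256' }; // assumed defaults

// PBKDF2 stretches the master password into a 256-bit key bound to the salt.
function deriveKey(masterPassword, salt, iterations = KDF.iterations) {
  return crypto.pbkdf2Sync(masterPassword, salt, iterations, KDF.keyLen, KDF.digest);
}

// Returns a JSON-serialisable record that replaces the plaintext value.
function protectCredential(plaintext, masterPassword, iterations = KDF.iterations) {
  const salt = crypto.randomBytes(16); // fresh salt per record
  const iv = crypto.randomBytes(12);   // 96-bit nonce for AES-GCM
  const key = deriveKey(masterPassword, salt, iterations);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    kdf: 'pbkdf2-sha256', iterations,
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), data: data.toString('base64'),
  };
}

// Throws if the master password is wrong or any field of the record was modified.
function revealCredential(record, masterPassword) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'), record.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const plain = Buffer.concat([decipher.update(Buffer.from(record.data, 'base64')), decipher.final()]);
  return plain.toString('utf8');
}

// Constructed sample configuration entry (not a real system or password).
const sampleConfig = { host: 'hana-dev.example.invalid', user: 'SCAN_USER', password: 'constructed-secret' };

// Returns a copy of the configuration with the password field sealed.
function sealConfig(config, masterPassword, iterations) {
  return { ...config, password: protectCredential(config.password, masterPassword, iterations) };
}
```

The per-record salt means two entries holding the same password produce different ciphertexts, and the GCM tag makes a tampered configuration fail closed instead of yielding a wrong credential.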
Finding Manager
Client side: browser based, SAPUI5 application
Server side: persists findings and audit trail in SAP HANA database, XSJS JavaScript
Role-based access control for auditing of findings
Workflow of CP4H TMS Integration
Source HANA System (Development)
CTS+ with CP4H TMS Integration
Target HANA System (QA/Production)
1. Release transport
2. Automatic scan by CP4H (Quality OK?)
3a. Yes: allow transport
3b. No: reject transport
CP4H TMS Integration
Releases or blocks transport requests based on scan status
[Figure: diagram with labels ADMIN, CP4H Scan Service, Scanner JCO]
Enhancements of the CTS+ Transport Organizer
Asynchronous processing of scan requests
Queuing, multiple parallel running CP4H scanners
Enhancement of Transport Organizer
Disclaimer
© 2017 Virtual Forge GmbH. All rights reserved.
Information contained in this publication is subject to change without prior notice.
These materials are provided by Virtual Forge and serve only as information.
SAP, ABAP and other named SAP products and services as well as their respective logos are trademarks or
registered trademarks of SAP AG in Germany and other countries worldwide.
All other names of products and services are trademarks of their respective companies.
Virtual Forge accepts no liability or responsibility for errors or omissions in this publication. From the
information contained in this publication, no further liability is assumed. No part of this publication may be
reproduced or transmitted in any form or for any purpose without the express permission of Virtual Forge
GmbH, Germany or Virtual Forge Inc. The General Terms and Conditions of Virtual Forge apply.