CodeProfiler

Virtual Forge CodeProfiler is a commercial static code analysis tool for SAP's business programming language ABAP. It is developed by Virtual Forge, a security company based in Heidelberg, Germany.
CodeProfiler uses static analysis to support security experts, software developers and QA testers in software testing, software maintenance and process improvement. It analyzes ABAP code for common security defects and computes metrics about the analyzed code.
CodeProfiler was officially released in September 2008.
Supported ABAP programming paradigms / UI technologies
*Function Modules
*Programs
*Classes
*Dynpros
*Business Server Pages (BSP)
*Web Dynpro for ABAP
Typical defects in ABAP coding include:
*Missing authority checks before CALL TRANSACTION
*ABAP command execution
*Hard-coded authorizations
*Missing authority checks in RFC enabled functions
*Unmanaged database access
*OS command injection
*Generic table access
*SQL Injection
*Cross-Site Scripting
 