UkrSibBank analyzed contents of a product code of SAP

On November 6, 2014 the Technoserv Ukraine company and Digital Security company announced end of the joint project on audit of the ABAP code of SAP systems in UkrSibBank.

Project Progress

As methodical base for carrying out audit specialists "Technoserv Ukraine" and Digital Security used the recommendations of SAP company about safe development of programs on ABAP - "SAP security recommendations protecting Java - and ABAP based SAP applications against common attacks" and also Digital Security techniques in search span and the analysis of vulnerabilities. Within the project specialists of the partner companies held testing of source codes of applications regarding compliance to these recommendations and also on existence of the other vulnerabilities which are not included in the basic set provided by SAP company, but, nevertheless, dangerous.

Specialists carried out the assessment of lack of authorization on access, existence of vulnerabilities of different classes, estimated performance of the code and its quality. Based on audit the report for the management of UkrSibBank is made.

Project Results

"During the analysis of security of the ABAP code was vulnerabilities of different degree of criticality are revealed. It should be noted that similar vulnerabilities are characteristic of many companies as at implementation of ERP systems developers first of all think of a functional component of programs, than over their security or performance. For this reason we recommend to make the periodic analysis of the programs executed in a SAP landscape", - Dmitry Chastukhin, the director of the department of audit of SAP of Digital Security company noted.

"During the project "Technoserv Ukraine" and Digital Security was made by specialists not only the analysis of vulnerabilities, but also their ranging on a priority and criticality for the SAP systems of UkrSibBank is made and also the most effective recommendations for specialists of bank about security for their elimination and increase in security of systems are prepared, - Oleg Bashinsky, the commercial director "Technoserv Ukraine" emphasized. – As a result of the work done by our specialists, all critical vulnerabilities can be eliminated in the shortest possible time".

"UkrSibBank received service of the high level in control of security of independently developed program code for a system SAP for Banking, – told Andrey Morshnev, the chief of Information Security Service UkrSibBank of BNP Paribas Group. – The revealed problems and shortcomings will allow us not only to eliminate the current vulnerabilities, but also to create methodology of independent permanent process of control. Finally, clients of bank received, and further can expect the high level of security of the means and the services provided by bank. This level 10 times more, than was before integration UkrSibBank into the largest international group BNP Paribas. Thus, on behalf of the companies "Technoserv" and Digital Security we purchased new reliable partners with high quality of level of the provided services".