摘要 |
A static code analysis (SCA) tool, apparatus and method detects, prioritizes and fixes security defects and compliance violations in SAP® ABAP™ code. The code, meta information and computer system configuration settings are transformed into an interchangeable format, and parsed into an execution model. A rules engine is applied to the execution model to identify security and compliance violations. The rules engine may include information about critical database tables and critical SAP standard functions, and the step of applying the rules engine to the execution model may include the calculation of specific business risks or whether a technical defect has a business-relevant impact. In particular, an asset flow analysis may be used to determine whether critical business data is no longer protected by the computer system. Such critical business data may include credit or debit card numbers, financial data or personal data. |