An increasing number of software solutions are built to identify data leaks in productive (operational) software programs. These solutions monitor and analyze network traffic (data) during the operation of the program(s) and try to categorize or identify critical data. If all (relevant) network traffic is analyzed correctly, this may, for example, protect against disclosure of confidential information (e.g. credit card numbers) to unauthorized parties.
The general term for this approach is called “Data Loss Prevention” (DLP, also known as “Data Leak Prevention”), and implementing DLP solutions is becoming popular in the information technology (IT) space. However the general concepts upon which current DLP solutions are based have several disadvantages and shortcomings.
DLP solutions look for data leaks, but existing tools work by monitoring data in motion. This requires that the applications that are to be monitored are running and that the solution has direct text access to all network traffic.
Existing DLP tools monitor data that is interchanged between users and/or applications over a network. In order to analyze network traffic, a sensor needs to be deployed per data channel. Identification of critical data is based on heuristic rather than firm information. This can lead to false positives if meaningless data has the same format as critical data. This may also lead to false negatives, if critical data is extracted in a modified or scrambled form the heuristic does not understand, or if the heuristic has a bug. With existing solutions only running/productive applications can be monitored. If the data analysis fails, there is no second chance to prevent data loss. Users that operate DLP solutions may see the critical/confidential data that has been detected, which may raise further sensitive issues.
ABAP (Advanced Business Application Programming) is a high-level programming language created by the German software company SAP. It is currently positioned, alongside the more recently introduced Java, as the language for programming the SAP Application Server, part of the NetWeaver platform for building business applications. Analyzing SAP applications for data leaks is critical for several reasons. First, SAP applications process the key assets of an organization, such as personal data, production data (intellectual property) and financial data. If this data is leaked to unauthorized parties, the affected company may fall prey to industrial espionage, receive bad press or even violate (privacy) laws. In addition, SAP applications are increasingly connected to external systems and are (remote) accessible by a continuously growing user base. As such, the exposure of SAP systems has grown. A large amount of SAP custom coding is outsourced, and this code must be analyzed for data leaks and “backdoors.” SAP applications are more and more in the focus of hackers, which increases the likelihood of attacks.