PortSwigger, a prominent application security software provider, has announced a strategic partnership with SAP, the global enterprise software leader, to enhance the security of SAP’s web applications. This collaboration will see SAP’s Sovereign Cloud Services (SCS) integrate PortSwigger’s Burp Suite Enterprise Edition, a leading Dynamic Application Security Testing (DAST) platform, into its security framework.
SAP’s SCS encompasses a wide array of services, including multi-tenant Platform-as-a-Service (PaaS) and single-tenant Software-as-a-Service (SaaS) solutions. The integration of Burp Suite Enterprise Edition aims to fortify the security of various SAP offerings, such as ARIBA, Business Technology Platform (BTP), Fieldglass, Gardener, HANA Cloud (HCLD), Human Experience Management (HXM), Identity Authentication Services (IAS), Integrated Business Planning (IBP), PAYROLL, S/4HANA Private Cloud Edition (PCE), SAP Analytics Cloud (SAC), and Shared Management Services (SMS).
Given the diverse and complex architectures of SAP’s deployments across restricted cloud environments, the need for a robust DAST solution that meets regional security requirements in countries like Australia, Canada, the United States, and the United Kingdom was paramount. PortSwigger’s Burp Suite Enterprise Edition was selected to address these challenges, providing automated scanning capabilities and seamless integration into SAP’s Continuous Integration (CI) pipelines. This approach ensures efficient and accurate security coverage across SAP’s global application portfolio, embedding security into development processes and offering a comprehensive understanding of each region’s security posture.
Alijohn Ghassemlouei, Senior Director of Engineering for Sovereign Cloud at SAP, emphasised the significance of this partnership: “By partnering with PortSwigger and adopting Burp Suite’s DAST solution, we are able to satisfy regional security requirements across multiple countries at scale, through automation, and with the lowest false positives.”
Dafydd Stuttard, founder and CEO of PortSwigger, highlighted the collaborative nature of the partnership: “By integrating Burp Suite’s powerful DAST scanning technology into SAP’s processes, we are proud to support their commitment to delivering secure, high-quality web applications for their global customer base.”
This alliance not only strengthens SAP’s security infrastructure but also provides PortSwigger with valuable insights into securing extensive portfolios of applications and APIs. The exchange of expertise is poised to influence future enhancements to Burp Suite Enterprise Edition, ensuring it continues to address evolving security challenges and deliver cutting-edge solutions for all customers.
Burp Suite Enterprise Edition is renowned for its automated web vulnerability scanning capabilities, enabling enterprises to scale security across their web assets and achieve DevSecOps integration. Its deployment within SAP’s ecosystem signifies a proactive approach to safeguarding web applications amidst an increasingly complex digital landscape.
As cyber threats continue to evolve, partnerships like this underscore the importance of collaborative efforts in fortifying digital infrastructures. By leveraging PortSwigger’s advanced security tools, SAP reaffirms its dedication to providing secure and reliable solutions to its clientele, particularly within regulated and federal industries.
This development marks a significant milestone in the realm of enterprise software security, setting a precedent for future collaborations aimed at enhancing the resilience of web applications globally.
