CodeProfiler Import Wizard

Purpose

You can start this application-specific wizard on the Wizards tab when you have selected an application in the navigation area.

Instead of using the CodeProfiler Import Wizard, you can also use Vulnerability Management for more advanced configuration.

The CodeProfiler Import Wizard automatically creates a ruleset based on a vulnerability report generated by the CodeProfiler application security analyzer from Virtual Forge (a vulnerability scanner for SAP (ABAP) applications).

The rules are based on the reported vulnerabilities on the one hand, and on the baseline rulesets on the other hand (see Baseline Protection). This provides instant protection for a vulnerable application.

ATTENTION
The CodeProfiler Import Wizard was not designed to guarantee long-time protection of vulnerable applications. If analysis revealed some attack vectors, fix these problems as soon as possible. Use the rules created by the CodeProfiler Import Wizard only for interim protection.

For more information regarding Wizards, see Using Wizards to Configure Applications.

Prerequisites

In order to be able to use the wizard, you must have a vulnerability report file that was generated by the CodeProfiler software from Virtual Forge.

Attributes

Attribute Meaning

CodeProfile XML File Upload

Here you can upload the CodeProfiler vulnerability report file to vWAF:

  1. Click the Browse button and select the file.
  2. Click the Submit File button.
  3. Once the file has been successfully transferred, the message "upload finished" appears underneath the input box.
  4. Press the Next button in the wizard to continue.

Handlers configured by the CodeProfiler Import Wizard

The CodeProfiler Import Wizard configures different handlers, based on the vulnerabilities listed in the vulnerability report file, and on the corresponding rules given by the current baselines.