Is anyone aware of a tool that can scan Progress code for vulnerabilities? For example, the tool "Veracode" can scan code at the binary level for error messages that might give hackers clues about how to access a system, such as "Your user name is XYZ" etc. Is there any product that scans Progress code like this?
I may be wrong, but I don't think there are any off-the-shelf tools to do security scans of OpenEdge code. The OpenEdge plugin for SonarQube does static code analysis for OpenEdge procedures / classes, but there are no rules scanning for vulnerabilities. It may, however, be extended for this purpose.
Disclaimer: I'm the author of the OpenEdge plugin for SQ.