SAP HANA evolved a lot in 2016, as did security focused on this critical platform. The year ended with the release of the “new generation” version, SAP HANA 2. Starting in early December, customers have been able to upgrade to this new version that SAP explains as big enough not to call it SAP HANA SP13. This new release is another testament to the success of SAP HANA adoption and will continue to increase the amount of customers that are moving to the world of the SAP in-memory database. As a consequence of this adoption, it will also increase how attractive this platform is for attackers and how important it is to properly protect it.
During the past year Onapsis has contributed and worked closely with SAP to further keep SAP HANA users secure. We reported more than 10 vulnerabilities last year, 6 of them have already been patched through SAP Security Notes. This represents almost 25% of the 22 notes released to this platform in 2016. Also, through our Research Labs, Onapsis was the first security vendor to report vulnerabilities to SAP HANA SPS 12 and worked closely with SAP until they were patched. We also were invited to several security conferences around the world to talk about HANA security such as SAP TechEd, Black Hat and RSA Conference.
Because of the growing interest in this topic, Onapsis has pulled all of our past research, presentations, thought leadership and news and consolidated it into a new resource center completely dedicated to SAP HANA Security. This will allow us to keep all SAP HANA related content in one location to allow customers to easily find in one unique place. Included in this microsite, you will find all of the the following information related to SAP HANA Security:
- An Infographic Illustrating The Evolution Of SAP HANA
- SAP HANA SAP Security In-Depth Publications
- On-demand Webcast Presentations on SAP HANA
- SAP HANA Advisories Ranked by Criticality
- Blog posts on the topic of SAP HANA Security
- Relevant News Articles
Historically, Onapsis Research Labs has reported and helped secure more than 80 vulnerabilities in SAP HANA and more than 50% of the SAP Security Notes released for this platform came from our Research Labs reports. During 2017 we will continue researching SAP HANA and helping customers to stay secure. We fully expect that this new site will ensure you qualified information to keep your infrastructure protected to cyber attacks.