The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

JP Perez-Etchegoyen CTO

JP Perez-Etchegoyen


Juan Pablo leads the Research & Development teams that keeps Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing’s and Standards.


More Aggressive Time-to-Exploit Vulnerability Trends Affect Oracle and SAP Security Too

On September 28th, Mandiant published their Time-To-Exploit trends report, including several very insightful stats covering vulnerabilities exploited between 2021 and 2022. (It’s a great read on its own, and we recommend you review it!)  Here at the Labs, we thought it would be a good idea to correlate the insights from that report and highlight how they relate to the observations the Onapsis Research Labs (“ORL”) have made on vulnerabilities affecting ERP Applications.


Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

This advisory takes a long look at 2022 and offers a compelling list of the Common Vulnerabilities and Exposures (CVEs) that were most frequently and consistently exploited throughout last year. Unsurprisingly, for those that have been paying attention to the Onapsis Research Labs for a while now, ERP software vulnerabilities (for Oracle and SAP) made the hot list of 42 observed, frequently exploited vulnerabilities. What might be surprising is that this is the first time that SAP and Oracle vulnerabilities have officially made this list.
Request a Demo from Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.

Request a demo