JP Perez-Etchegoyen

The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

JP Perez-Etchegoyen

CTO

Juan Pablo leads the Research & Development teams that keeps Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing’s and Standards.

More Aggressive Time-to-Exploit Vulnerability Trends Affect Oracle and SAP Security Too

10/16/2023 | By

JP Perez-Etchegoyen

|

Research

More Aggressive Time-to-Exploit Vulnerability Trends Affect Oracle and SAP Security Too

On September 28th, Mandiant published their Time-To-Exploit trends report, including several very insightful stats covering vulnerabilities exploited between 2021 and 2022. (It’s a great read on its own, and we recommend you review it!) Here at the Labs, we thought it would be a good idea to correlate the insights from that report and highlight how they relate to the observations the Onapsis Research Labs (“ORL”) have made on vulnerabilities affecting ERP Applications.

Read more about More Aggressive Time-to-Exploit Vulnerability Trends Affect Oracle and SAP Security Too

Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

08/04/2023 | By

JP Perez-Etchegoyen

|

SAP Security

Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

This advisory takes a long look at 2022 and offers a compelling list of the Common Vulnerabilities and Exposures (CVEs) that were most frequently and consistently exploited throughout last year. Unsurprisingly, for those that have been paying attention to the Onapsis Research Labs for a while now, ERP software vulnerabilities (for Oracle and SAP) made the hot list of 42 observed, frequently exploited vulnerabilities. What might be surprising is that this is the first time that SAP and Oracle vulnerabilities have officially made this list.

Read more about Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

07/11/2023 | By

JP Perez-Etchegoyen

|

Research

Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

In 2023, the cybersecurity landscape has seen the return of ICMAD. Learn more about the two vulnerabilities and if your company might be affected.

Read more about Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

SAP Remote Function Call (RFC) Vulnerabilities in 2023

07/06/2023 | By

JP Perez-Etchegoyen

|

SAP Security

SAP Remote Function Call (RFC) Vulnerabilities in 2023

In 2007, Onapsis CEO & Co-founder Mariano Nuñez presented several vulnerabilities and attacks affecting the RFC Protocol at Black Hat Europe. That presentation became a call-to-action for the research community to dedicate time into improving the security of SAP applications and SAP Protocols.

Read more about SAP Remote Function Call (RFC) Vulnerabilities in 2023

P4CHAINS Vulnerabilities Review with Onapsis

04/11/2023 | By

JP Perez-Etchegoyen

|

Research

P4CHAINS Vulnerabilities

Onapsis reviews the p4chains vulnerability and how vulnerability changing plays a role in this family of vulnerabilities.

Read more about P4CHAINS Vulnerabilities

Build a Strong SAP Security Strategy With the NIST Framework

08/18/2022 | By

JP Perez-Etchegoyen

|

SAP Security

Build a Strong SAP Security Strategy With the NIST Framework

Leveraging the NIST Cybersecurity Framework best practices can help teams eliminate blind spots and have a more secure, compliant environment for SAP systems.

Read more about Build a Strong SAP Security Strategy With the NIST Framework

08/16/2022 | By

JP Perez-Etchegoyen

|

Corporate

Application Security: Expert Tips from Onapsis CTO JP Perez-Etchegoyen

JP Perez-Etchegoyen shares tips for business application security. Learn how to better protect your critical data.

Read more about Application Security: Expert Tips from Onapsis CTO JP Perez-Etchegoyen

07/13/2022 | By

JP Perez-Etchegoyen

|

SAP Security

Q&A With Onapsis CTO JP Perez-Etchegoyen: Recent Active SAP Exploitation Activity

CTO JP Perez-Etchegoyen answers six questions around recent SAP application exploitation activity and shares tips for SAP security and next steps organizations can take to protect their critical systems.

Read more about Q&A With Onapsis CTO JP Perez-Etchegoyen: Recent Active SAP Exploitation Activity

Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know

06/09/2022 | By

JP Perez-Etchegoyen

|

Research

Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know

The Onapsis Research Labs detected active exploitation activity related to three vulnerabilities that were already patched by SAP.

Read more about Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know

Ask the CTO: Strong Business Application Security Starts With the Right Cybersecurity Foundation

06/02/2022 | By

JP Perez-Etchegoyen

|

Corporate, SAP Security

Ask the CTO: Strong Business Application Security Starts With the Right Cybersecurity Foundation

Onapsis Chief Technology Officer JP Perez-Etchegoyen explains why an enterprise cybersecurity strategy for protecting business-critical applications should start with alignment to a strong security framework.

Read more about Ask the CTO: Strong Business Application Security Starts With the Right Cybersecurity Foundation

JP Perez-Etchegoyen

CTO

Ready to eliminate your SAP cyber security blindspot?