The Onapsis Blog

The world of business-critical application security and compliance is dynamic, with new developments happening on a continuous basis. Read our blog posts for recommendations, insights and observations on the latest news for safeguarding your SAP® and Oracle® applications.

Nahuel Sanchez

Nahuel Sanchez

Security Researcher Lead

Nahuel D. Sánchez leads the Security Research Team at Onapsis. His work focuses on performing extensive research of SAP products and its components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporter of vulnerabilities in SAP products and has published several "SAP Security In-Depth" documents. He has presented in several security conferences around the world and delivered SAP Security Training several times in both conferences and big companies. He previously worked as a security consultant, evaluating the security of Web applications and as a Penetration Tester in several worldwide projects. His areas of interest include Web security, Reverse Engineering, and Business-Critical Applications Security.

Blog Banner
09/06/2017 | By
Nahuel Sanchez
|
Research

Analysis of the SAP HANA Internal Communication Interface

SAP HANA is a very fast growing product in many SAP environments, that has moved away from just an in-memory database to a complete application plus database system. In today’s blogpost we’ll talk about the SAP HANA internal communication interface, discuss its use in different scenarios, the configuration parameters involved and the different options that SAP HANA administrators should consider to secure their systems. We’ll also perform an analysis of the default configuration introduced in SPS 12 reviewing different parameters and how they impact overall security.

Onapsis Publishes 15 Advisories for SAP HANA and Building Components
07/21/2016 | By
Nahuel Sanchez
|
Research

Onapsis Publishes 15 Advisories for SAP HANA and Building Components

Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business critical application such as SAP and Oracle. In this blogpost, we'll analyze two different vulnerabilities affecting SAP HANA.

Categories

Newsletter

Subscribe to our monthly newsletter, the Defender's Digest!

Subscribe

Meet the Authors

Request a
Business Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

Prevent application downtime and costly business disruption

Request an Assessment
AUDIT EFFICIENCY ASSESSMENT

Eliminate resource consuming manual audit processes

Request an Assessment
CYBER RISK 
ASSESSMENT

Reduce vulnerabilities and misconfiguration to protect the business

Request an Assessment