Onapsis Research Labs

The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

Onapsis Research Labs

The Onapsis Research Labs is a team of security experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting business-critical applications from SAP, Oracle, Salesforce and others.

They have discovered over 800 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research.

A Look Back at the 2022 ERP Security Landscape (Video)

12/02/2022 | By

Onapsis Research Labs

|

Research

AppsMas: A Look Back at the 2022 ERP Security Landscape (Video)

Let’s take a look back at the 2022 ERP Security Landscape and what we can learn from it.

Read more about AppsMas: A Look Back at the 2022 ERP Security Landscape (Video)

11/02/2022 | By

Onapsis Research Labs

|

Corporate, Research

Onapsis Research Labs Discovers and Helps Remediate 1,000+ Cybersecurity Vulnerabilities in Business Applications

Onapsis Research Labs, our team of offensive security professionals dedicated to hunting down vulnerabilities within ERP applications, has discovered and helped remediate over 1,000 zero day ERP vulnerabilities within SAP and Oracle applications.

Read more about Onapsis Research Labs Discovers and Helps Remediate 1,000+ Cybersecurity Vulnerabilities in Business Applications

Threat Actors Exploit ERP Vulnerabilities for Financial Gain

10/26/2022 | By

Onapsis Research Labs

|

Research

Threat Actors Exploit ERP Vulnerabilities for Financial Gain

Threat actors are exploiting ERP vulnerabilities for financial gain.

Read more about Threat Actors Exploit ERP Vulnerabilities for Financial Gain

Older, Unpatched ERP Vulnerabilities Continue to Haunt Organizations

10/14/2022 | By

Onapsis Research Labs

|

Research

Unpatched ERP Vulnerabilities Haunt Organizations

What's spookier than ghosts and goblins? Threats to your company's ERP systems. Read how unpatched ERP vulnerabilities can still be a target for cyberattacks.

Read more about Unpatched ERP Vulnerabilities Haunt Organizations

ICMAD Vulnerability Added to CISA’s Known Exploited Vulnerabilities Catalog

08/22/2022 | By

Onapsis Research Labs

|

SAP Security, Research

ICMAD Vulnerability Added to CISA’s Known Exploited Vulnerabilities Catalog

On August 18, 2022 the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability–CVE-2022-22536–to its Known Exploited Vulnerabilities Catalog. Though this vulnerability was discovered earlier this year, this validation from CISA shows that organizations should prioritize action immediately.

Read more about ICMAD Vulnerability Added to CISA’s Known Exploited Vulnerabilities Catalog

04/27/2022 | By

Onapsis Research Labs

|

SAP Security, Research

Attack & Secure SAP Systems with Onapsis Research Labs at Troopers Conference

Join Onapsis Research Labs at Troopers Conference for the fundamentals of how to pentest and secure SAP systems. Students will not only learn to assess the security of critical systems by performing tailored penetration testing, but also how to secure and monitor systems from the latest threats. Meet us there!

Read more about Attack & Secure SAP Systems with Onapsis Research Labs at Troopers Conference

02/25/2022 | By

Onapsis Research Labs

|

SAP Security, Research

How Does HTTP Response Smuggling Work

Research from the Onapsis Research Labs in HTTP Response Smuggling led to the discovery of a set of critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). In this blog, learn how HTTP Response Smuggling works.

Read more about How Does HTTP Response Smuggling Work

5 Things To Know About the ICMAD Vulnerabilities in SAP Business-Critical Applications

02/16/2022 | By

Onapsis Research Labs

|

SAP Security

5 Things To Know About the ICMAD Vulnerabilities in SAP Business-Critical Applications

Onapsis and SAP partnered on the discovery and mitigation of a set of critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. Read along for five things you should know about the ICMAD vulnerabilities.

Read more about 5 Things To Know About the ICMAD Vulnerabilities in SAP Business-Critical Applications

Log4j Vulnerability: How to Protect Your SAP Applications

02/09/2022 | By

Onapsis Research Labs

|

Vulnerability Management

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

With more than 30 SAP applications affected by Log4j vulnerability, it’s important to understand your risk and build a comprehensive vulnerability management program that includes SAP security.

Read more about Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

ICMAD: Critical Vulnerabilities in SAP Business Applications Require Immediate Attention

02/08/2022 | By

Onapsis Research Labs

JP Perez-Etchegoyen

|

SAP Security, Research

ICMAD: Critical Vulnerabilities in SAP Business Applications Require Immediate Attention

Onapsis Research Labs discovered a set of extremely critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. This discovery requires immediate attention by most SAP customers.

Read more about ICMAD: Critical Vulnerabilities in SAP Business Applications Require Immediate Attention

Onapsis Research Labs

Ready to eliminate your SAP cyber security blindspot?