The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

Thomas Fritsch

Thomas Fritsch

Thomas Fritsch has been working on SAP security research for over four years, after a longer career as an SAP expert. With a focus on vulnerabilities in SAP system configuration and SAP transport management, he is known as a publisher of various articles and a speaker at different SAP-related conferences. Previously to joining Onapsis, he worked for an SAP partner in Walldorf where he designed and realized customer-centric solutions for the SAP change and transport management.


How to Securely Introduce Explicit AUTHORITY-CHECKS into Custom RFC-Enabled Function Modules

SAP customers often rely only on S_RFC authorizations to protect access to business data via RFC-enabled function modules (RFC FMs). This is risky because, due to the complexity of business scenarios, S_RFC authorizations are often assigned very generically (RFC_NAME = ‘*’ ). Another reason that S_RFC authorizations lack granularity is because in the past S_RFC authorizations could only be restricted on a function group level.

SAP Security Patch Day: May 2023

Highlights of May SAP Security Notes analysis include twenty-five new and updated SAP security patches released, including three HotNews Notes and nine High Priority Notes. Several critical vulnerabilities in SAP 3D Visual Enterprise License Manager’s web interface should be paid close attention. This month also marks the fourth time in a row that Onapsis Research Labs has directly contributed to SAP Patch Tuesday.
Request a Demo from Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.

Request a demo