Thomas Fritsch

The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

Thomas Fritsch has been working on SAP security research for over four years, after a longer career as an SAP expert. With a focus on vulnerabilities in SAP system configuration and SAP transport management, he is known as a publisher of various articles and a speaker at different SAP-related conferences. Previously to joining Onapsis, he worked for an SAP partner in Walldorf where he designed and realized customer-centric solutions for the SAP change and transport management.

05/09/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day: May 2023

Highlights of May SAP Security Notes analysis include twenty-five new and updated SAP security patches released, including three HotNews Notes and nine High Priority Notes. Several critical vulnerabilities in SAP 3D Visual Enterprise License Manager’s web interface should be paid close attention. This month also marks the fourth time in a row that Onapsis Research Labs has directly contributed to SAP Patch Tuesday.

Read more about SAP Security Patch Day: May 2023

04/11/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day: April 2023

Critical Vulnerabilities in SAP Diagnostics Agent Poses Risk To All SAP Systems

Read more about SAP Security Patch Day: April 2023

03/14/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Patch Day: March 2023

Critical Vulnerabilities patched in SAP NetWeaver AS ABAP / Java and in SAP BusinessObjects

Read more about SAP Patch Day: March 2023

02/21/2023 | By

Thomas Fritsch

|

SAP Security

Using Generic Application Access Rules in SAP Custom Development

SAP applications often require the need to restrict access for certain entities to a subset of all instances. In most scenarios, SAP’s authorization concept is sufficient for this purpose. However, there are some disadvantages using SAP authorizations:

Read more about Using Generic Application Access Rules in SAP Custom Development

02/14/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Patch Day: February 2023

SAP Patch Day for February 2023 addresses twenty-six new & updated security patches which include one HotNews Note & five High Priority Notes.

Read more about SAP Patch Day: February 2023

01/10/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Patch Day: January 2023

SAP patch day for January 2023 addresses critical vulnerabilities patched for SAP AS ABAP and Java.

Read more about SAP Patch Day: January 2023

A Look Back at SAP Vulnerabilities in 2022

01/05/2023 | By

Thomas Fritsch

|

SAP Security, Research

A Look Back at SAP Vulnerabilities in 2022

Onapsis Research Labs shares some of the top SAP security vulnerabilities organizations should be aware of from 2022.

Read more about A Look Back at SAP Vulnerabilities in 2022

12/13/2022 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day: December 2022

This SAP Patch Day blog for December 2022 addresses SAP NetWeaver Process Integration & other Security Notes.

Read more about SAP Security Patch Day: December 2022

The Risks of SAP RFC Callbacks and How to Avoid Them

12/06/2022 | By

Thomas Fritsch

|

SAP Security, Research

The Risks of SAP RFC Callbacks and How to Avoid Them

This blog explains SAP RFC Callbacks and how to protect your SAP systems.

Read more about The Risks of SAP RFC Callbacks and How to Avoid Them

Protect SAP Systems With Unified Connectivity Framework (UCON)

12/05/2022 | By

Thomas Fritsch

|

SAP Security, Research

Protect SAP Systems With Unified Connectivity Framework (UCON)

This blog post will explain the main aspects of Unified Connectivity Framework (UCON) and how it can be used to decrease the attack surface for malicious RFC calls by 95%.

Read more about Protect SAP Systems With Unified Connectivity Framework (UCON)

Thomas Fritsch

Ready to eliminate your SAP cyber security blindspot?