Thomas Fritsch has been working on SAP security research for over four years, after a longer career as an SAP expert. With a focus on vulnerabilities in SAP system configuration and SAP transport management, he is known as a publisher of various articles and a speaker at different SAP-related conferences. Previously to joining Onapsis, he worked for an SAP partner in Walldorf where he designed and realized customer-centric solutions for the SAP change and transport management.
05/09/2023 | By
SAP Security Patch Day: May 2023
Highlights of May SAP Security Notes analysis include twenty-five new and updated SAP security patches released, including three HotNews Notes and nine High Priority Notes. Several critical vulnerabilities in SAP 3D Visual Enterprise License Manager’s web interface should be paid close attention. This month also marks the fourth time in a row that Onapsis Research Labs has directly contributed to SAP Patch Tuesday.
04/11/2023 | By
SAP Security Patch Day: April 2023
Critical Vulnerabilities in SAP Diagnostics Agent Poses Risk To All SAP Systems
03/14/2023 | By
SAP Patch Day: March 2023
Critical Vulnerabilities patched in SAP NetWeaver AS ABAP / Java and in SAP BusinessObjects
02/21/2023 | By
Using Generic Application Access Rules in SAP Custom Development
SAP applications often require the need to restrict access for certain entities to a subset of all instances. In most scenarios, SAP’s authorization concept is sufficient for this purpose. However, there are some disadvantages using SAP authorizations:
02/14/2023 | By
SAP Patch Day: February 2023
SAP Patch Day for February 2023 addresses twenty-six new & updated security patches which include one HotNews Note & five High Priority Notes.
01/10/2023 | By
SAP Patch Day: January 2023
SAP patch day for January 2023 addresses critical vulnerabilities patched for SAP AS ABAP and Java.
01/05/2023 | By
A Look Back at SAP Vulnerabilities in 2022
Onapsis Research Labs shares some of the top SAP security vulnerabilities organizations should be aware of from 2022.
12/13/2022 | By
SAP Security Patch Day: December 2022
This SAP Patch Day blog for December 2022 addresses SAP NetWeaver Process Integration & other Security Notes.
12/06/2022 | By
The Risks of SAP RFC Callbacks and How to Avoid Them
This blog explains SAP RFC Callbacks and how to protect your SAP systems.
12/05/2022 | By
Protect SAP Systems With Unified Connectivity Framework (UCON)
This blog post will explain the main aspects of Unified Connectivity Framework (UCON) and how it can be used to decrease the attack surface for malicious RFC calls by 95%.
Subscribe to our monthly newsletter, the Defender's Digest!Subscribe