Research

Onapsis Research Labs, our team of offensive security professionals dedicated to hunting down vulnerabilities within ERP applications, has discovered and helped remediate over 1,000 zero day ERP vulnerabilities within SAP and Oracle applications. 

Threat actors are exploiting ERP vulnerabilities for financial gain.

Password hash cracking, user cloning, and user impersonation are realistic attack scenarios in SAP systems. This blog post explains how SAP customers can protect their systems.

What's spookier than ghosts and goblins? Threats to your company's ERP systems. Read how unpatched ERP vulnerabilities can still be a target for cyberattacks.

On August 18, 2022 the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability–CVE-2022-22536–to its Known Exploited Vulnerabilities Catalog. Though this vulnerability was discovered earlier this year, this validation from CISA shows that organizations should prioritize action immediately.

The Onapsis Research Labs detected active exploitation activity related to three vulnerabilities that were already patched by SAP.

Despite their importance, many organizations lack the proper preventative, detective, and corrective controls to secure a company’s SAP applications, and have a reigning false sense of security provided by generic security products. That’s why Onapsis and SAP have been partnering together to empower executives to mitigate what we believe is one of the most critical types of cyber risk facing organizations.

Join Onapsis Research Labs at Troopers Conference for the fundamentals of how to pentest and secure SAP systems. Students will not only learn to assess the security of critical systems by performing tailored penetration testing, but also how to secure and monitor systems from the latest threats. Meet us there!

Get to know Ignacio Favro, a vulnerability security researcher in Onapsis Research Labs.

Onapsis is the only business-critical application security company that automatically updates products with the latest threat intelligence and security guidance from a dedicated security research team.