The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

Thumbnail

SAP Security Notes January 2017: Continued Security Focus on SAP for Defense

So, 2017 begins... and the first Patch Day has arrived. Today, SAP published its first Security Notes post of the year, making a total of 24 notes (21 published today) since the last Security Notes Tuesday in December. The amount of security corrections for each month starts consistent with last year (keeping the average of 25 SAP Security Notes per month). Today SAP published, for the second month in a row, SAP Security Notes for SAP ERP Defense Forces and Public Security.

Thumbnail

Oracle Publishes 253 New Vulnerabilities in October 2016 CPU

Yesterday, Oracle released its quarterly Critical Patch Update (CPU) to provide customers with detailed information about the latest vulnerabilities affecting Oracle business critical applications. This post will help Oracle customers better understand and prioritize the implementation of patches and testing of vulnerabilities on these systems within their organization. In this CPU, Oracle published 253 patches which affect 76 different Oracle products. We will analyze the Critical Patch Update and then will focus on the Oracle E-Business Suite vulnerabilities.

Thumbnail

Moving SAP to the Cloud? Let Security Be On Your Side

In today’s evolving IT landscape, companies are constantly planning their next steps when it comes to business-critical application security. Specifically, they are planning these steps around their SAP environment which supports core business processes for some of the world’s largest organizations. When it comes to migrating SAP solutions to the cloud, different roadmaps are regularly being assembled and developed in order to properly transfer solutions that were traditionally supported by on premise SAP systems to a diverse range of cloud offerings provided by SAP.

Thumbnail

Onapsis Publishes Advisories for Cross Site Scripting and OS Command Injection Vulnerabilities

Today, the Onapsis Research Labs released 14 advisories for SAP and 6 for Oracle E-Business Suite. All of the SAP advisories pertain to SAP NetWeaver - the technical integration platform on top of which enterprise and business solutions are developed and run. Half of these advisories for SAP NetWeaver relate to remote command execution vulnerabilities, which will be explained later in this post. On the Oracle side, all six advisories relate to cross-site scripting (XSS) attacks on the core business application Oracle E-Business Suite.

Thumbnail

Clickjacking SAP Security Notes: Where to start?

Introduction

A few months ago, we published a post about Clickjacking attacks, analyzing the nature of the attack, its related security notes and statistics on the attacks themselves. Even though this type of attack is not new, it’s an important aspect for the SAP world to understand, especially considering its relevancy after July’s security notes release.

Thumbnail

Onapsis publishes 12 advisories for Oracle Business Critical Applications

Today we have released 12 new Oracle application advisories which affect two different products: Oracle E-Business Suite and JD Edwards. The advisories include various types of vulnerabilities such as Cross Site Scripting, Denial of Service, Password Disclosure and User Creation. After great success uncovering hundreds of vulnerabilities in SAP systems, our Research Labs are expanding our security advisories to now include Oracle products.

Thumbnail

Onapsis Publishes 15 Advisories for SAP HANA and Building Components

Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business critical application such as SAP and Oracle. In this blogpost, we'll analyze two different vulnerabilities affecting SAP HANA.

Request a Demo from Onapsis

Secure your 
business-critical SAP,
Oracle, Salesforce
and SaaS apps

Get a firsthand look at the visibility, reporting and automation capabilities provided by The Onapsis Platform by scheduling a personalized demo with our application security experts.

Request a demo