Brian Tremblay, Onapsis Compliance Practice Leader, joins Security & Compliance Weekly to talk about how misconfigurations and vulnerabilities in your mission-critical applications can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. As a former auditor, Brian understands the best practices leaders can use to identify, monitor and mitigate compliance risks. Watch the full podcast episode below with Security Weekly to learn more.

About the Author
Brian Tremblay leads Onapsis’s Compliance Practice, drawing on over 20 years of experience in internal audit and risk management. As a former Chief Audit Executive, he brings hands-on expertise in preparing organizations for public offerings and implementing critical frameworks like SOX and GDPR. Brian’s deep knowledge of IT General Controls and regulatory compliance enables him to guide customers on mitigating risks related to their business-critical applications. His background at global companies like Raytheon and Deloitte establishes him as a trusted authority on audit-ready SAP systems and bridging the gap between security and compliance.
