Podcast: Emerging Security Threats to Your Digital Supply Chain

By:

August 20, 2020

Jason Frugé, Vice President of Business Application Cybersecurity at Onapsis, was recently featured on an episode of the Enterprise Security Weekly Podcast, Emerging Security Threats to Your Digital Supply Chain. As the former CISO of Fossil, Jason knows the value behind securing your ERP systems and your most mission-critical applications.

In this episode, Jason discusses how missing patches, misconfigurations, issues with custom code and other vulnerabilities are leaving your most important data and applications unprotected—and what to do about it. Listen below!

 
View Onapsis Resources

Tags, , ,
About the Author
JP

JP Perez-Etchegoyen

As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs. JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group. Over his professional career, JP has led many Information Security consultancy projects for some of the world’s biggest companies around the globe in the fields of penetration and web application testing, vulnerability research, cybersecurity infosec auditing/standards, vulnerability research and more.

More about this author
Back To Blog

Further Reading

Blog

Research Discovery: Identification of CVE-2025-42937 (SAPSprint RCE)

Onapsis Research Labs has identified a remotely exploitable path traversal vulnerability within the SAP Print Protocol. This protocol, used to send print requests to the SAPSprint service, fails to properly sanitize one path. The exploit, which requires no authentication, and operating by default on target port 515, allows an attacker to upload arbitrary files to…

Read More
Blog

Critical Remediation Guide: Securing SAPSprint Against CVE-2025-42937

A critical vulnerability in the SAPSprint service allows unauthenticated remote attackers to execute arbitrary commands with SYSTEM privileges on Windows servers. Because this service often runs on default ports (515) without authentication, it represents a high-priority target for threat actors seeking an initial foothold in SAP environments. This guide provides a verified, step-by-step procedure to…

Read More