Meet Onapsis at Black Hat 2021 for a training session on a complete approach to both offense and defense of SAP systems.
You're probably here because you don’t yet know this term well, but you most likely will before long, because it’s the name of the enterprise resource planning (ERP) platform from the German software giant SAP®. ERP software is what SAP is best known for, and SAP S/4HANA is the latest and greatest version of its popular ERP product.
06/04/2021
According to threat intelligence issued by SAP and Onapsis, there’s a critical cybersecurity blind spot impacting how many organizations protect their mission-critical SAP applications. At the same time, it’s clear that threat actors are active, capable, and widespread.
This chemical company wanted to ensure compliance and security standards throughout their SAP change management processes and identify code and transport issues before they could cause vulnerabilities or system downtime. They built Onapsis security, quality and compliance checks into their SAP change management processes to accelerate application delivery time and reduce costs.
During our recent webinar covering our threat report, we received a lot of great questions from attendees. In this post, we are going to address some of the questions that were asked in the live session.
SAP has released 18 new and updated SAP Security Notes in its March 2021 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and one High Priority note.
SAP has released 20 new and updated SAP Security Notes on February’s Patch Day, including the notes that were released since last Patch Day.
Transaction Types and How to Automate SAP User Information System (SUIM) Queries with The Onapsis Platform
The SAP Security Admin uses SUIM in SAP systems manually, one SAP system/client at a time, to gather this data for operational use and to report findings internally/externally to Compliance or Audit teams. This can be a time-consuming process.
Anywhere from 2,500 up to potentially 10,000 internet-facing systems were exposed to RECON on the date the patch was released. Considering those numbers, and that approximately 30% to 40% of the systems could still be vulnerable (based on estimations of diverse samples), this represents an enormous attack surface and risk. Learn more in our blog post here.