JP Perez-Etchegoyen

The Onapsis Blog

Die Sicherheit von geschäftskritischen Anwendung ist dynamisch, und es gibt ständig neue Entwicklungen. In unserem Blog finden Sie Empfehlungen, Einblicke und Beobachtungen zu den neuesten Nachrichten für die Sicherung Ihrer SAP®-, Oracle®- und Salesforce-Anwendungen.

JP Perez-Etchegoyen

CTO

Juan Pablo leads the Research & Development teams that keeps Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing’s and Standards.

Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

08/04/2023 | By

JP Perez-Etchegoyen

|

SAP Security

Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

This advisory takes a long look at 2022 and offers a compelling list of the Common Vulnerabilities and Exposures (CVEs) that were most frequently and consistently exploited throughout last year. Unsurprisingly, for those that have been paying attention to the Onapsis Research Labs for a while now, ERP software vulnerabilities (for Oracle and SAP) made the hot list of 42 observed, frequently exploited vulnerabilities. What might be surprising is that this is the first time that SAP and Oracle vulnerabilities have officially made this list.

Read more about Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022

Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

07/11/2023 | By

JP Perez-Etchegoyen

|

Research

Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

In 2023, the cybersecurity landscape has seen the return of ICMAD. Learn more about the two vulnerabilities and if your company might be affected.

Read more about Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

SAP Remote Function Call (RFC) Vulnerabilities in 2023

07/06/2023 | By

JP Perez-Etchegoyen

|

SAP Security

SAP Remote Function Call (RFC) Vulnerabilities in 2023

In 2007, Onapsis CEO & Co-founder Mariano Nuñez presented several vulnerabilities and attacks affecting the RFC Protocol at Black Hat Europe. That presentation became a call-to-action for the research community to dedicate time into improving the security of SAP applications and SAP Protocols.

Read more about SAP Remote Function Call (RFC) Vulnerabilities in 2023

P4CHAINS Vulnerabilities Review with Onapsis

04/11/2023 | By

JP Perez-Etchegoyen

|

Research

P4CHAINS Vulnerabilities

Onapsis reviews the p4chains vulnerability and how vulnerability changing plays a role in this family of vulnerabilities.

Read more about P4CHAINS Vulnerabilities

Build a Strong SAP Security Strategy With the NIST Framework

08/18/2022 | By

JP Perez-Etchegoyen

|

SAP Security

Build a Strong SAP Security Strategy With the NIST Framework

Leveraging the NIST Cybersecurity Framework best practices can help teams eliminate blind spots and have a more secure, compliant environment for SAP systems.

Read more about Build a Strong SAP Security Strategy With the NIST Framework

08/16/2022 | By

JP Perez-Etchegoyen

|

Corporate

Application Security: Expert Tips from Onapsis CTO JP Perez-Etchegoyen

JP Perez-Etchegoyen shares tips for business application security. Learn how to better protect your critical data.

Read more about Application Security: Expert Tips from Onapsis CTO JP Perez-Etchegoyen

07/13/2022 | By

JP Perez-Etchegoyen

|

SAP Security

Q&A With Onapsis CTO JP Perez-Etchegoyen: Recent Active SAP Exploitation Activity

CTO JP Perez-Etchegoyen answers six questions around recent SAP application exploitation activity and shares tips for SAP security and next steps organizations can take to protect their critical systems.

Read more about Q&A With Onapsis CTO JP Perez-Etchegoyen: Recent Active SAP Exploitation Activity

Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know

06/09/2022 | By

JP Perez-Etchegoyen

|

Research

Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know

The Onapsis Research Labs detected active exploitation activity related to three vulnerabilities that were already patched by SAP.

Read more about Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know

Ask the CTO: Strong Business Application Security Starts With the Right Cybersecurity Foundation

06/02/2022 | By

JP Perez-Etchegoyen

|

Corporate, SAP Security

Ask the CTO: Strong Business Application Security Starts With the Right Cybersecurity Foundation

Onapsis Chief Technology Officer JP Perez-Etchegoyen explains why an enterprise cybersecurity strategy for protecting business-critical applications should start with alignment to a strong security framework.

Read more about Ask the CTO: Strong Business Application Security Starts With the Right Cybersecurity Foundation

Onapsis Security Advisory: Increased Vigilance During Times of Crisis

03/01/2022 | By

JP Perez-Etchegoyen

|

Corporate

Onapsis Security Advisory: Increased Vigilance During Times of Crisis

Onapsis Research Labs advise extra vigilance during this time. Please take extra steps to ensure that your organization and your business-critical applications are protected and resilient.

Read more about Onapsis Security Advisory: Increased Vigilance During Times of Crisis