Onapsis at SAPinsider 2020

Protecting your mission-critical applications
Join us at the virtual conference!

ERP systems are at the core of every business, but their security has traditionally been taken for granted and have been out of InfoSec’s purview. Join us at SAPinsider 2020 to learn more about including ERP security in your overall IT security strategy so your critical systems and business applications stay secure, compliant and available.

Stop by the virtual Onapsis booth to see a live demo of The Onapsis Platform, and to learn about key trends affecting mission-critical applications. Chat with one of our cybersecurity experts in our virtual booth to learn how to protect SAP from increasing threats and vulnerabilities to SAP applications.

We look forward to seeing you virtually!

Meet with us virtually at SAPinsider 2020!

Have questions about how ERP cybersecurity fits into your organization’s business strategy and risk posture?

Set up time with one of our business application security experts or stop by our virtual booth!


Keynote Panel Discussion

Executive Q&A: Evolving Your SAP Security and Compliance Strategy in the Era of Cloud and SAP S/4HANA

Date: August 18th
Time: 4:00 PM - 4:30 PM ET

It has never been more critical for businesses to modernize their SAP security and compliance strategies. Because it houses an organization’s most critical data and resources, SAP systems have become a favorite target for hackers. And with increasing numbers of companies moving towards cloud-based solutions and SAP S/4HANA, there is incredible change happening within the SAP landscape and organization. This interactive discussion with Onapsis executive Jason Fruge will help you understand how you can protect your SAP systems and ensure compliance during these unique times. Attendees will learn:

  • Why it is critical to evaluate your security and compliance today
  • Key steps you can take to secure your system and analyze vulnerabilities
  • Common vulnerabilities in SAP systems that customers may not be aware of
  • The impact of SAP S/4HANA and cloud migration on security and compliance
  • The most critical security skills and support that every SAP team needs to add to their portfolio


Jason Fruge
Vice President of Business Application Cybersecurity | Onapsis

Onapsis Led Sessions

SAP Security: Building a Mature Program to Meet Tomorrow’s S4/HANA Opportunities

Many companies are preparing to migrate to SAP S/4HANA, migrating to cloud-based infrastructure, or deploying new data warehouses.  These changes are forcing organizations to reexamine their approaches to SAP Security as the traditional model of managing roles and responsibilities is no longer enough to meet the current threats.
The skills required to meet today’s security-related SAP challenges include vulnerability and patch management, user and administrator behavior management, audit and compliance management, and secure coding practices. Attend this session to:

  • Learn how to build an SAP Security program that measures and appropriately responds to issues from a risk perspective
  • Understand how to create opportunities to detect malicious insiders or better monitor third party BASIS support teams
  • See how to build processes around custom coding and how to introduce only safe code to SAP environments
  • Empower audit teams to gain the information they need to ensure compliance with regulatory requirements and corporate policies


  • JP Perez-Etchegoyen | CTO | Onapsis
Another Boring Compliance Session: ft. the Cybersecurity Gap in ITGC

Compliance to regulations like Sarbanes-Oxley (SOX) often require a set of controls in place to mitigate risks to the integrity of financial reporting. Current ITGC testing performed by internal and external auditors is only focused on one slice of access risk. Different entry points into SAP systems are overlooked and present higher level of risks that are currently not even assessed. How would you and your organization respond if presented with a scenario where you could 'ace' your ITGC audit and still be completely exposed?

In this session participants will:

  • Be provided an snapshot of the current ITGC testing approaches commonly applied by auditors
  • Learn the shortcomings of these approaches
  • Understand the threats that exist to your ERP beyond the current ITGC scope and how they relate to compliance (specifically Sarbanes-Oxley)
  • See how you can mitigate these risks BEFORE your internal and external auditors


    • Brian Tremblay | Onapsis

    Details: 50-Min Sponsored Session

    Critical SAP RECON Vulnerability: Who Is At Risk & How to Protect Your Business

    SAP’s July Security Notes include a fix for a critical vulnerability—CVSS score of 10 out of 10—named RECON. Successfully exploiting RECON could give an unauthenticated attacker full access to the affected SAP system, including the ability to modify financial records, view personal identifiable information (PII), corrupt data, delete or modify logs and traces and other actions that put essential business operations and regulatory compliance at risk. 

    The Onapsis Research Labs first identified this vulnerability in May 2020 and has worked closely with the SAP Security Response Team on a mitigation strategy. More than 40,000 SAP customers may be vulnerable to RECON, with upwards of 2,500 internet-facing systems facing even greater risk. 

    Attend this session to learn:

    • Details on the RECON vulnerability
    • The business impact
    • Why patching is so important
    • Recommendations for keeping SAP protected
    Managing Risk in the Cloud - Levi’s Gains Visibility & Threat Intelligence for HEC

    Levi’s wanted to pilot a new SAP Hybrid Enterprise Cloud (HEC), but potential loss of visibility into the operating environment presented a concern and became a challenge that required additional education. By partnering with Onapsis, Levi’s gained visibility into the cloud environment and can now trust and verify that the HEC is operating according to Levi’s standards. Leave the session with an understanding of best practices when addressing a cloud migration and a blueprint to leverage these based on strategies that were developed to protect mission-critical ERP applications.


    • Steve Zalewski | Deputy CISO | Levi’s
    • JP Perez-Etchegoyen | CTO | Onapsis

    20-Min Virtual Booth Session

    Protect Your Mission-Critical SAP Applications from the Latest Threats and Vulnerabilities

    The SAP threat landscape is expanding and these critical applications are increasingly under attack. Join Anand Kotti, cybersecurity expert at Onapsis, to learn about the latest threat vectors and critical vulnerabilities that are putting your business operations at risk, including the most recent RECON vulnerability that affected over 40,000 SAP customers and resulted in a DHS US-CERT Alert and more than ten other global alerts. The session will also include a live demo of how an attacker can quickly compromise SAP applications through the 10KBLAZE exploit and actionable guidance on how to mitigate these risks to your mission-critical systems.

    Speaker: Anand Kotti | Security Engineer | Onapsis

    Swag gets thrown away, so let’s work together to help people in need

    The OnaCares mission was formally established in 2017 and Onapsis will be expanding its mission in 2020. When you engage with Onapsis at major events including RSA Conference, SAPinsider, SAPPHIRE, Gartner Risk & Security Summit, Black Hat and more, you will have the chance to help us donate to three charities.

    RSA Charities
    How it works:
    • Stop by the Onapsis Virtual Booth
    • Select a charity you would like to donate to and we will donate $5 on your behalf
    • Engage with us on LinkedIn and Onapsis.com to see donation updates after the event and throughout the year!