Onapsis Assess Datasheet

Vulnerability management for business-critical applications such as SAP and Oracle, including deep visibility into the attack surface across the entire application landscape, automated assessments with detailed solutions and descriptions of associated risk and business impact.

“Onapsis removes the mystery around SAP security by increasing visibility. We can see issues—misconfigurations, missing patches or unusual user activity—what risk they pose and how to fix them.” 

— Enterprise Security Manager, Fortune 500 Utility Company

Onapsis Assess Platform Overview

InfoSec professionals frequently lack visibility into their organization’s most critical business applications because the tools they traditionally rely on don’t adequately cover these systems. Security administrators are typically responsible for vulnerability management for the business. However, their tools don’t cover business critical applications and they often rely on cohorts within application teams for remediation. 

A lack of visibility and tools aren’t the only challenge, the applications themselves are also complex. The frequency of releases, the complexity of patching processes, and size of application landscapes mean enterprises are facing a growing backlog of patches and lack prioritization tools.

Onapsis Assess directly addresses these challenges for enterprise teams. It provides focused and comprehensive vulnerability management for business-critical applications like those from SAP and Oracle. It provides deep visibility into the entire application landscape, automated assessments with detailed solutions, and descriptions of associated risk and business impact. Onapsis Assess aligns InfoSec and IT Teams and lets them make empowered decisions on how to respond to incidents, reduce investigation and remediation times, and achieve greater risk reduction with less effort.

Sensors are deployed - either on-premises or in the cloud - which provide deep scanning of assets at the system, application, and code level. Assess runs scans with preset and customizable policies and modules which search assets for a comprehensive and regularly updated set of known issues, including missing patches, unsecured or incorrect configurations, and risky user authorizations/permissions. Custom policies and modules allow alignment with organizational policies and best practices. The results are displayed in a single dashboard to prioritize risks and identify action for mitigation. Each vulnerability identified contains an explanation of the business impact, severity, and remediation steps for resolution.

Onapsis’ highest priority is the security of our software and the confidentiality, integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited, third-party, auditing companies who have audited our SDLC process and we have the following certifications: ISO 27001:2013,  SOC 1 Type 1, SOC 2, and Veracode Verified Program. Our product design and development requirements follow the OWASP ASVA v4 framework or other industry standard guidelines.

Onapsis Assess can be deployed on-premises, in your cloud environment (all major cloud providers supported), or on Onapsis cloud environment, as a SaaS. Technical components needed to support each deployment type are described in Table 2 below.

Onapsis Research Labs 

The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting mission critical applications from SAP, Oracle, and SaaS providers. They have discovered over 1,000 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research. Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations and pre-patch protection ahead of scheduled vendor updates. 

Onapsis Platform

The Onapsis Platform

Onapsis Assess is part of the Onapsis Platform. The Platform focuses on four pillars of business-critical application security that directly targets interconnected risk - vulnerability management, threat monitoring, compliance automation, and application security testing.

learn more

Features & Benefits

Virtual devices are deployed on premises or in the cloud to provide deep scanning of assets at system, application and code levels and analyze system vulnerabilities without sacrificing system performance

Thousands of vulnerability checks are ready to go out of the box and are grouped into standard policies based on the target system (e.g., SAP, Oracle), allowing for full vulnerability scanning of your business-critical applications.

Users can create custom policies to include the set of vulnerability checks that meets their needs.


*Not available with Assess Baseline license

Onapsis provides predefined vulnerability checks, called modules, but also enables the ability to define custom checks.


*Not available with Assess Baseline license

Shows issue data and trends from recent scans, with graphical visualizations to provide quick insights into system issues.

Summary reports demonstrate current risk standing, status over time, and mitigation efforts, allowing results of vulnerability management efforts to be more easily shared with stakeholders across the business.

Detailed explanations of the business impact of identified problems within each system, along with an associated risk score and step-by-step remediation instructions, accelerates time to resolution.

Built in workflow capability allows for issue assignment and acceptance either manually via an automated workflow engine. Integration with IT Service Management tools enables automatic ticket creation for faster remediation.

Summary reports demonstrate current risk standing, status over time, and mitigation efforts, allowing results of vulnerability management efforts to be more easily shared with stakeholders across the business.

Create custom reports via the Onapsis Platform API in order to share reports regarding risk posture trends and assessments.

Feature that leverages AI and 14+ years of Onapsis data and experience from security engagements to help security and IT leaders answer the question, “How are we doing with SAP security?” Acts as a personalized, trusted “security advisor” to help you establish better security goals, guide your ERP security journey, and track progress in comparison to baselines and other companies and industries at different stages.

Vulnerability checks are regularly updated and added based on the latest investigation results from the Onapsis Research Labs.

Extends vulnerability scanning to custom code deployed to production. This gives security teams a more complete view of their SAP application attack surface.

Prerequisite for Onapsis Comply. With a valid Comply license, adds the right-sized, frictionless SAP audit packs to the Assess scanning engine.

*Not available with Assess Baseline license

Delivers a regularly-updated and curated library of new and ongoing threat research, directly from the Onapsis Research Labs. The Threat Intel Center provides one-click access to comprehensive research designed for both the education of cybersecurity team members and providing organization-specific business impact for cybersecurity leaders.


*Not available with Assess Baseline license

For the complete list of licensing and technology components:
Assess Datasheet
Download Datasheet
Request a Demo from Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.

Request a demo