Onapsis Control Datasheet
Application security testing for SAP applications, including the ability to review third-party custom code and transports and remediate common code errors. Step-by-step remediation instructions and integrations with developer tools accelerate time to vulnerability identification and remediation.
“Onapsis helps us address security code and compliance issues and avoid costly rework and manual analysis.”
— Security Architecture Manager, Fortune 100 Chemical Company
The accelerated pace of digital transformation projects forces teams to try to balance speed and security, with security frequently tabled in order to meet abbreviated project timelines. Tight development cycles lead to the use of third-party code libraries and developers. However, with little visibility, organizations are forced into even more manual reviews (if reviews happen at all) to stop the introduction of new security issues. Preventing critical issues from getting into production systems is imperative. However, many transports aren’t sufficiently audited, and once an SAP transport is delivered into production, there is no quick way to roll it back, which only adds to the growing amount of manual work.
Onapsis Control directly addresses these challenges, providing application security testing through automated review of third-party custom SAP code and transports and one-click remediation for common code errors. Automated assessments, integrations with SAP development environments and change management, and step-by-step remediation instructions mean teams can rapidly identify and fix issues before they negatively impact production.
Onapsis Control works by scanning systems and inspecting code directly within development environments. Control leverages extensive test cases based on best practices and in-depth security analysis and research of SAP applications from the Onapsis Research Labs. Millions of lines of code can be automatically scanned in minutes, and remediation guidance is provided to keep pace with accelerated development cycles. Transport scanning and release simulations deliver key analysis and insights, so teams can make changes and mitigate risk before a transport is put into production. Bulk code scans identify and automate remediation for the most common code errors.
Onapsis’ highest priority is the security of our software and the confidentiality, integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited third-party auditing companies that have audited our SDLC process, and we have the following certifications: ISO 27001:2013, SOC 1 Type 1, SOC 2, and Veracode Verified Program. Our product design and development requirements follow the OWASP ASVS v4 framework or other industry standard guidelines.
Onapsis Control is licensed as an annual subscription based on the number of target systems. Subscription includes access to all updates available for the respective software license, technical support, and a dedicated account manager.
Onapsis Research Labs
The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting mission-critical applications from SAP, Oracle, and SaaS providers. They have discovered over 1,000 zero-day vulnerabilities, and multiple critical global CERT alerts have been based on their novel research. Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations, and pre-patch protection ahead of scheduled vendor updates.
The Onapsis Platform
Onapsis Control is part of the Onapsis Platform. The Platform focuses on four pillars of business-critical application security that directly target interconnected risk: vulnerability management, threat monitoring, compliance automation, and application security testing.
Features & Benefits
Scan both the code and the transport construction itself for errors, threats, and vulnerabilities prior to release into production. Simulate the effect of transports prior to import. Block bad transports from moving into production, preventing potentially critical system downtime and production issues.
Requires Control for Transports license.
Continuously monitor transports and automatically receive notification if a transport contains suspicious content.
Requires Control for Transports license.
Seamless integration with SAP ATC Cockpit, SAP CHaRM (Change Request System) and SAP TMS (Transport Management System) for increased productivity.