Onapsis Control Datasheet

Application security testing for SAP applications, including the ability to review third-party custom code and transports and remediate common code errors. Step-by-step remediation instructions and integrations with developer tools accelerate time to vulnerability identification and remediation.

“Onapsis helps us address security code and compliance issues and avoid costly rework and manual analysis.”

— Security Architecture Manager, Fortune 100 Chemical Company

Onapsis Control Product Overview

The accelerated pace of digital transformation projects forces teams to attempt balancing speed and security…with security frequently tabled in order to meet abbreviated project timelines. Tight development cycles lead to the use of third-party code libraries and developers. However, with little visibility, organizations are forced into even more manual reviews (if at all) to stop the introduction of new security issues. Preventing critical issues from getting into production systems is imperative. However, many transports aren’t sufficiently audited, and once an SAP transport is delivered into production, there is no quick way to roll this back, which only adds to the growing amount of manual work.

Onapsis Control directly addresses these challenges, providing application security testing through automated review of third-party custom SAP code and transports and one-click remediation for common code errors. Automated assessments, integrations with SAP development environments and change management, and step-by-step remediation instructions mean teams can rapidly identify and fix issues before they negatively impact production.

Onapsis Control works by scanning systems and inspecting code directly within development environments. Control leverages extensive test cases based on best practices and in-depth security analysis and research of SAP applications from the Onapsis Research Labs. Millions of lines of code can be automatically scanned in minutes, and remediation guidance is provided to keep pace with accelerated development cycles. Transport scanning and release simulations deliver key analysis and insights, so teams can make changes and mitigate risk before a transport is put into production. Bulk code scans identify and automate remediation for the most common code errors.

Onapsis’ highest priority is the security of our software and the confidentiality,integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited, third-party, auditing companies who have audited our SDLC process and we have the following certifications: ISO 27001:2013, SOC 1 Type 1, SOC 2, and Veracode. Verified Program. Our product design and development requirements follow the OWASP ASVA v4 framework or other industry standard guidelines

Onapsis Control is licensed as an annual subscription based on the number of target systems. Subscription includes access to all updates available for the respective software license, technical support, and a dedicated account manager.

Onapsis Research Labs 

The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting mission critical applications from SAP, Oracle, and SaaS providers. They have discovered over 1,000 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research. Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations and pre-patch protection ahead of scheduled vendor updates. 

Onapsis Platform

The Onapsis Platform

Onapsis Control is part of the Onapsis Platform. The Platform focuses on four pillars of business-critical application security that directly targets interconnected risk - vulnerability management, threat monitoring, compliance automation, and application security testing.

learn more

Features & Benefits

Save time by scanning millions of lines of code in minutes for ABAP, Fiori, and HANA Native applications Scans performed for HANA Native include code languages such as SAPUI5, SQLScript, CDS, XSJS, and Node.js. Scans performed for Fiori include code languages such as ABAP, SAPUI5. New ABAP syntax are supported as well as older objects such as LSMW

Multiple scanners run in parallel with hundreds of automated, predefined test cases across a wide swath of use cases. Prioritize code issues based on probability and impact to accelerate your time-to-resolution.

Hundreds of test cases are available out-of-the-box and maintained by the SAP security experts at Onapsis. Categories include but are not limited to security, compliance, data loss prevention, code performance, robustness, and maintainability.

Onapsis’ patented analysis capabilities deliver more accurate detection and significantly lower rates of false positives for code issues, saving valuable time and resources for application development teams.

Use Control wherever you currently develop applications, including support for SAP ABAP Development Workbench, Eclipse HANA Studio, SAP WebIDE, Visual Studio Code, and Business Application Studio development platforms.

Develop where you want with plugins available for CI/CD tools such as Azure Pipelines and Jenkins. An Onapsis open API is available for additional extensibility.

Scans millions of lines of code in minutes to provide automatic corrections for the most common errors seen by Onapsis experts in SAP application development, providing significant time savings.

Scan both the code and the transport construction itself for errors, threats, and vulnerabilities prior to release into production. Simulate the effect of transports prior to import. Block bad transports from moving into production, preventing potentially critical system downtime and production issues.

Requires Control for Transports license.

Continuously monitor transports and automatically receive notification if transport contains suspicious content 

Requires Control for Transports license.

Alerts developer to code errors while typing for immediate correction.

Seamless integration with SAP ATC Cockpit, SAP CHaRM (Change Request System) and SAP TMS (Transport Management System) for increased productivity.

For the complete list of licensing and technology components:
Control Datasheet
Download Datasheet
Request a Demo from Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.

Request a demo