Onapsis Research Labs

About Onapsis Research Labs

The Onapsis Research Labs is a team of security experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting business-critical applications from SAP, Oracle, Salesforce and others.

They have discovered over 800 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research.

A Cooperative Approach

The Onapsis Research Labs continuously analyzes and investigates developments in mission-critical applications to discover and identify new vulnerabilities. The team works closely with SAP and Oracle product security teams to responsibly disclose this information so the issues can be appropriately patched.

Further, Onapsis reports the most critical vulnerabilities to the US-CERT, part of the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and other global agencies to increase the reach of disclosure and ensure timely patching to systems supporting critical infrastructure.

Powering The Onapsis Platform

All Security Advisories

The findings from the Onapsis Research Labs form the foundation of The Onapsis Platform. To date, the Onapsis Research Labs has responsibly disclosed hundreds of SAP and Oracle vulnerabilities and security advisories. Alerts and protections for these vulnerabilities have made The Onapsis Platform a proven solution for protecting business-critical applications. In September 2020, The Onapsis Platform officially became an SAP Endorsed App.

Value to Customers

Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations and pre-patch protection ahead of scheduled vendor updates. The ongoing discoveries from the Onapsis Research Labs keeps The Onapsis Platform ahead of ever-evolving cybersecurity threats.

Threat Reports

Stay informed on the latest threats to business-critical applications, understand the risk and get the information you need to keep your organization protected.

All Threat Reports
Threat Report ICMAD
Who Is at Risk and How To Protect Your Business-Critical SAP Applications
Onapsis Research Labs’ thorough investigation of HTTP Response Smuggling over the last year led to the recent identification of the ICMAD vulnerabilities.
Learn more
Active Cyberattacks on Mission-Critical SAP Applications
Active Cyberattacks on Business-Critical SAP Applications
A critical cybersecurity blind spot impacting how many organizations protect their business-critical SAP applications is detailed in this joint report from Onapsis and SAP. Learn how threat actors…
Learn more
RECON SAP vulnerability
RECON SAP vulnerability affects over 40,000 SAP customers
Onapsis has discovered and worked with SAP to release a patch for the RECON vulnerabilities, affecting a component included in many SAP applications.
Learn more

Blogs

Stay up to date with the latest research from the team, including SAP Security Notes Patch Day analysis, in-depth on the latest vulnerabilities and more.

All Blog Posts
BLOG
Oracle’s July 2019 CPU Patches Three Critical Vulnerabilities in E-Business Suite Reported by Onapsis
Posted 07/16/2019 by Christian Simko, Gaston Traberg, Martin Doyhenard, Michael Miller, Sebastian Bortnik
Read more
BLOG
SAP Security Notes July ‘19: Critical Vulnerability Affecting Solution Manager
Posted 07/09/2019 by
Read more
BLOG
Cyber Weakness and the Impact on the Economy
Posted 06/25/2019 by Christian Simko
Read more

SAP Security In-Depth Publications

These publications aim to fully introduce and explain security issues and aspects inherent in SAP applications.

All Publications
Volume XVII: Remote Function Call: The Whole Picture
The aim of this publication is to fully introduce and explain the concept of Remote Function Call (RFC) and the impact on the Gateway and Message Server.
Learn more
Volume XIV: Setup Trusted RFC in SAP GRC
In February 2017 SAP released Security Note 2413716 regarding configuration changes to secure Trusted RFC for GRC Access Control emergency access management (EAM), which was a High Priority note.…
Learn more
Volume XVI: SAP®️ Security In-Depth: Switchable Authorization Checks: New Workbench and Scenarios
This SAP Security In-depth attempts to fully introduce and explain the concept of Switchable Authorization Checks. How it works, why it’s important and how to implement a Switchable Authorization…
Learn more

Secure your 
business-critical SAP,
Oracle, Salesforce
and SaaS apps

Get a firsthand look at the visibility, reporting and automation capabilities provided by The Onapsis Platform by scheduling a personalized demo with our application security experts.

Request a demo