About Onapsis Research Labs

The Onapsis Research Labs is a team of security experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting business-critical applications from SAP, Oracle, Salesforce and others.

They have discovered over 800 zero-day vulnerabilities, and multiple critical global CERT alerts have been based on their novel research.

A Cooperative Approach

The Onapsis Research Labs continuously analyzes and investigates developments in mission-critical applications to discover and identify new vulnerabilities. The team works closely with SAP and Oracle product security teams to responsibly disclose this information so the issues can be appropriately patched.

Further, Onapsis reports the most critical vulnerabilities to the US-CERT, part of the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and other global agencies to increase the reach of disclosure and ensure timely patching to systems supporting critical infrastructure.

Powering The Onapsis Platform

The findings from the Onapsis Research Labs form the foundation of The Onapsis Platform. To date, the Onapsis Research Labs has responsibly disclosed hundreds of SAP and Oracle vulnerabilities and security advisories. Alerts and protections for these vulnerabilities have made The Onapsis Platform a proven solution for protecting business-critical applications. In September 2020, The Onapsis Platform officially became an SAP Endorsed App.

Value to Customers

Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advance notification of critical issues, comprehensive coverage, improved configurations and pre-patch protection ahead of scheduled vendor updates. The ongoing discoveries from the Onapsis Research Labs keep The Onapsis Platform ahead of ever-evolving cybersecurity threats.

Threat Reports

Stay informed on the latest threats to business-critical applications, understand the risk and get the information you need to keep your organization protected.

Change has come in many forms for business and IT leaders across all industries. Geopolitical events, market forces, changing consumer behavior, and commodity price fluctuations have all put various…
Onapsis Research Labs’ thorough investigation of HTTP Response Smuggling over the last year led to the recent identification of the ICMAD vulnerabilities.
A critical cybersecurity blind spot impacting how many organizations protect their business-critical SAP applications is detailed in this joint report from Onapsis and SAP. Learn how threat actors…


Stay up to date with the latest research from the team, including SAP Security Notes Patch Day analysis, in-depth coverage of the latest vulnerabilities and more.

Oracle’s July 2019 CPU Patches Three Critical Vulnerabilities in E-Business Suite Reported by Onapsis
Posted 07/16/2019 by Christian Simko, Gaston Traberg, Martin Doyhenard, Michael Miller, Sebastian Bortnik
SAP Security Notes July ’19: Critical Vulnerability Affecting Solution Manager
Posted 07/09/2019 by
Cyber Weakness and the Impact on the Economy
Posted 06/25/2019 by Christian Simko

SAP Security In-Depth Publications

These publications aim to fully introduce and explain security issues and aspects inherent in SAP applications.

The aim of this publication is to fully introduce and explain the concept of Remote Function Call (RFC) and the impact on the Gateway and Message Server.
In February 2017 SAP released Security Note 2413716 regarding configuration changes to secure Trusted RFC for GRC Access Control emergency access management (EAM), which was a High Priority note.…
This SAP Security In-depth attempts to fully introduce and explain the concept of Switchable Authorization Checks. How it works, why it’s important and how to implement a Switchable Authorization…
