JP Perez-Etchegoyen
As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs. JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group. Over his professional career, JP has led many Information Security consultancy projects for some of the world’s biggest companies around the globe in the fields of penetration and web application testing, vulnerability research, cybersecurity infosec auditing/standards, vulnerability research and more.
Revisiting CH4TTER: Takeaways One Year After this SAP Threat Landscape Report
Onapsis CTO & Onapsis Director of Security Research discusses learnings from one year after our SAP threat landscape report: CH4TTER.
Active Exploitation of SAP Vulnerability CVE-2017-12637
CISA warned organizations about the active exploitation of CVE-2017-12637. This known vulnerability was initially patched by SAP in 2017. However in some cases, installations could be exposed despite the patch being applied, as warned by SAP in 2024.
SAP Cybersecurity 101: Understanding the Basics
Protect SAP systems from cyber threats with best practices in authentication, patching, and monitoring. Learn how Onapsis strengthens SAP security.
Assessing Your SAP Implementation: Tips from Onapsis Research Labs
This article explores the different approaches to assessing the security posture of your SAP implementation, ensuring its robustness against potential security threats and attacks.
Infostealers: Silent Thieves That Affect SAP Applications
Stay protected this summer with essential cybersecurity tips. Learn how to stay safe online during holidays and weekends.
Ransomware Attacks on SAP: Key Insights from Our Fireside Chat with Turnkey
SAP systems have experienced a 400% increase in ransomware threats since 2021. This staggering statistic, reported by Onapsis and Flashpoint in their latest Threat Report, illuminates the critical need for organisations running SAP to recognise and address these risks. But why are these attacks on the rise and how can you protect your business? Turnkey recently sat down…
Vulnerabilities Affecting SAP AI Services
Learn about the recent research on SAP AI vulnerabilities and the impact they can have on your organization’s cloud infrastructure.
More Aggressive Time-to-Exploit Vulnerability Trends Affect Oracle and SAP Security Too
On September 28th, Mandiant published their Time-To-Exploit trends report, including several very insightful stats covering vulnerabilities exploited between 2021 and 2022. (It’s a great read on its own, and we recommend you review it!) Here at the Labs, we thought it would be a good idea to correlate the insights from that report and highlight…
Onapsis Research Labs Advisory: CISA Highlights SAP & Oracle vulnerabilities as Frequently Exploited Vulnerabilities in 2022
This advisory takes a long look at 2022 and offers a compelling list of the Common Vulnerabilities and Exposures (CVEs) that were most frequently and consistently exploited throughout last year. Unsurprisingly, for those that have been paying attention to the Onapsis Research Labs for a while now, ERP software vulnerabilities (for Oracle and SAP) made the hot list of 42 observed, frequently exploited vulnerabilities. What might be surprising is that this is the first time that SAP and Oracle vulnerabilities have officially made this list.