Onapsis Research Labs is a team of the world’s leading cybersecurity experts dedicated to uncovering and mitigating threats in business-critical applications. As the most prolific contributor to SAP and Oracle security research, the Labs have discovered and helped patch over 1,000 zero-day vulnerabilities. Their threat intelligence powers the Onapsis Platform, ensuring that organizations can defend their ERP landscapes against the latest sophisticated attacks before they are exploited in the wild.
The #1 roadblock to a successful RISE with SAP transformation is failing to address security as a core part of the project. RISE with SAP is a “Business Transformation as a Service” (BTaaS) offering, but organizations that treat it as a simple technical migration without embedding security are at high risk. Research shows 70% of…
The RISE with SAP Shared Responsibility Model defines who secures what in your transformation. In this model, SAP acts as your single-contact “prime contractor,” managing the hyperscaler (AWS, Azure, or GCP) and infrastructure (IaaS/PaaS) for you. This creates a dangerous “assurance gap,” as customers often assume SAP handles all security for RISE with SAP. In…
Onapsis Research Labs, our team of offensive security professionals dedicated to hunting down vulnerabilities within ERP applications, has discovered and helped remediate over 1,000 zero-day ERP vulnerabilities within SAP and Oracle applications.
Threat actors are exploiting ERP vulnerabilities for financial gain.
What’s spookier than ghosts and goblins? Threats to your company’s ERP systems. Read how unpatched ERP vulnerabilities can still be a target for cyberattacks.
Join Onapsis Research Labs at Troopers Conference for the fundamentals of how to pentest and secure SAP systems. Students will not only learn to assess the security of critical systems by performing tailored penetration testing, but also how to secure and monitor systems from the latest threats. Meet us there!
Research from the Onapsis Research Labs into HTTP Response Smuggling led to the discovery of a set of critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). In this blog, learn how HTTP Response Smuggling works.
Onapsis and SAP partnered on the discovery and mitigation of a set of critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. Read along for five things you should know about the ICMAD vulnerabilities.
With more than 30 SAP applications affected by the Log4j vulnerability, it’s important to understand your risk and build a comprehensive vulnerability management program that includes SAP security.