Thomas Fritsch
As a key SAP security researcher at Onapsis, Thomas Fritsch is a trusted authority on vulnerability management and emerging threats. Leveraging his extensive career as an SAP expert, he focuses on deeply technical areas like SAP system configuration and transport management. Thomas’s analysis of the latest SAP security patches and vulnerabilities is a core component of the research that provides the in-depth, actionable intelligence organizations need to protect their systems. His role as a respected speaker and publisher further establishes him as a definitive voice in the SAP cybersecurity space, helping to bridge the gap between complex research and real-world security practices.
SAP Security Patch Day: December 2022
This SAP Patch Day blog for December 2022 addresses SAP NetWeaver Process Integration & other Security Notes.
The Risks of SAP RFC Callbacks and How to Avoid Them
This blog explains SAP RFC Callbacks and how to protect your SAP systems.
Protect SAP Systems With Unified Connectivity Framework (UCON)
This blog post will explain the main aspects of Unified Connectivity Framework (UCON) and how it can be used to decrease the attack surface for malicious RFC calls by 95%.
SAP Development System: A Critical Entry Point for Attacks
SAP development systems are an often underestimated entry point for attacks.
SAP Patch Day: November 2022
SAP released 14 new and updated SAP security patches for its November SAP Patch Day. Onapsis Research Labs contributed to fixing three new SAP vulnerabilities.
Password Hash Cracking, User Cloning, and User Impersonation: Three Risks Every SAP Customer Should Know
Password hash cracking, user cloning, and user impersonation are realistic attack scenarios in SAP systems. This blog post explains how SAP customers can protect their systems.
SAP Security Patch Day: October 2022
SAP’s October Patch Day includes two HotNews notes with a high CVSS score in SAP Manufacturing Execution and SAP Commerce, along with multiple updated notes in SAP Business Objects.
SAP Security Patch Day: September 2022
SAP Patch Day for September 2022 includes 16 new and updated Security Notes (including the notes that were released or updated since last Patch Tuesday).
Important Audit Aspects of the SAP Change and Transport System (CTS)
This blog discusses technical considerations in SAP Change and Transport Systems to adhere to audit requirements.