Thomas Fritsch
As a key SAP security researcher at Onapsis, Thomas Fritsch is a trusted authority on vulnerability management and emerging threats. Leveraging his extensive career as an SAP expert, he focuses on deeply technical areas like SAP system configuration and transport management. Thomas’s analysis of the latest SAP security patches and vulnerabilities is a core component of the research that provides the in-depth, actionable intelligence organizations need to protect their systems. His role as a respected speaker and publisher further establishes him as a definitive voice in the SAP cybersecurity space, helping to bridge the gap between complex research and real-world security practices.
Using Generic Application Access Rules in SAP Custom Development
SAP applications often require the need to restrict access for certain entities to a subset of all instances. In most scenarios, SAP’s authorization concept is sufficient for this purpose. However, there are some disadvantages using SAP authorizations: Developers can eliminate these disadvantages by integrating allowlists into business processes. By assigning an appropriate delivery class to…
SAP Patch Day: February 2023
SAP Patch Day for February 2023 addresses twenty-six new & updated security patches which include one HotNews Note & five High Priority Notes.
SAP Patch Day: January 2023
SAP patch day for January 2023 addresses critical vulnerabilities patched for SAP AS ABAP and Java.
A Look Back at SAP Vulnerabilities in 2022
Onapsis Research Labs shares some of the top SAP security vulnerabilities organizations should be aware of from 2022.
SAP Security Patch Day: December 2022
This SAP Patch Day blog for December 2022 addresses SAP NetWeaver Process Integration & other Security Notes.
The Risks of SAP RFC Callbacks and How to Avoid Them
This blog explains SAP RFC Callbacks and how to protect your SAP systems.
Protect SAP Systems With Unified Connectivity Framework (UCON)
This blog post will explain the main aspects of Unified Connectivity Framework (UCON) and how it can be used to decrease the attack surface for malicious RFC calls by 95%.
SAP Development System: A Critical Entry Point for Attacks
SAP development systems are an often underestimated entry point for attacks.
SAP Patch Day: November 2022
SAP released 14 new and updated SAP security patches for its November SAP Patch Day. Onapsis Research Labs contributed to fixing three new SAP vulnerabilities.