Thomas Fritsch
As a key SAP security researcher at Onapsis, Thomas Fritsch is a trusted authority on vulnerability management and emerging threats. Leveraging his extensive career as an SAP expert, he focuses on deeply technical areas like SAP system configuration and transport management. Thomas’s analysis of the latest SAP security patches and vulnerabilities is a core component of the research that provides the in-depth, actionable intelligence organizations need to protect their systems. His role as a respected speaker and publisher further establishes him as a definitive voice in the SAP cybersecurity space, helping to bridge the gap between complex research and real-world security practices.
Dangers in SAP® Transport Management Part 5
Welcome to the final installment of our series on the Dangers in SAP Transport Management. In our final post, we’ll focus on how an attacker could leverage logical file names and logical OS commands within SAP transports to access, modify and exfiltrate data.
SAP Security Patch Day April 2021: Serious Vulnerability Patched in SAP Commerce
SAP has released 23 new and updated SAP Security Notes in its April 2021 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are three HotNews notes and five High Priority notes.
Dangers in SAP® Transport Management Part 4
Welcome back to our blog series on the Dangers in SAP® Transport Management. In this fourth installment, we’re focused on automated code execution while importing.
Dangers in SAP Transport Management: Part 3
This is part three of our blog series on the Dangers in SAP Transport Management. In part one, we give an intro to SAP Transports. In part two, we went over the starting point of this attack, the transaction SU24. In this third installment, we’re focused on the manipulation of job management and its associated risks to SAP Transports.
SAP Security Patch Day March 2021: Critical Patch Released for SAP MII and SAP NetWeaver AS Java
SAP has released 18 new and updated SAP Security Notes in its March 2021 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and one High Priority note.
SAP Security Patch Day February 2021: Critical Patch released for SAP Commerce
SAP has released 20 new and updated SAP Security Notes on February’s Patch Day, including the notes that were released since last Patch Day.
The Risks of Third Party Software in SAP
The SolarWinds attack was detected in late 2020 and is already considered one of the most critical cyber threats ever. Learn more in our blog post now.
SAP Security Notes in 2020—an Analysis of an Extraordinary Year
“60% of data breaches are caused by a failure to patch. If you correct that, you’ve eliminated 60% of breaches.” Ricardo Lafosse, CISO of Morningstar, at SecureWorld Chicago.
Dangers in SAP Transport Management: Part 2
The first article of this series spoke about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks transaction-specifically. With this method, it is even more difficult to detect an attack, as the impact can be limited to one transaction.