Onapsis to Demonstrate Importance of SAP Security During Black Hat USA 2020

BOSTON – July 31, 2020Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced members of the Onapsis Research Labs are presenting significant SAP cybersecurity research at Black Hat USA 2020. In its 23rd year, Black Hat USA is the world's leading information security event which brings together the best minds in the industry. This year’s virtual format will provide remote attendees with the latest security research, developments, and trends.

During the event, Onapsis will showcase its latest threat research for SAP Solution Manager (SolMan). Onapsis researchers will take attendees through a security assessment of SAP SolMan, critical vulnerabilities found by Onapsis and reported to SAP, exploitation examples, how SAP has fixed these issues, and what organizations can do to detect and protect these threats moving forward.

“SAP SolMan is the technical heart of an SAP landscape. It is highly connected and can perform various administration activities remotely on all connected SAP systems,” said Juan Pablo Perez-Etchegoyen, CTO at Onapsis. “However, when speaking about protecting SAP systems, landscapes tend to be large and complex, so SAP SolMan can often go overlooked. Our research highlights critical vulnerabilities and dangerous threats connected to SAP SolMan and why it’s crucial to keeping the rest of your SAP system secure.”

More nformation on the session can be found here, and below:

  • Title: An Unauthenticated Journey To Root: Pwning Your Company's Enterprise Software Servers
  • Presenters: Pablo Artuso, Security Researcher, Onapsis; Yvan Genuer, Senior Security Researcher, Onapsis
  • When: Wednesday, August 5, 2020 from 11:00 am – 11:40 am PT

Abstract: SAP's software relationship with the enterprise is well established, often responsible for processing billions of dollars, but with such a vital role in business, what would the impact be if serious flaws were exploited? At the heart of every SAP deployment there is always one core mandatory product that's connected to many other systems: The SAP SolMan. Given the criticality of this component, the Onapsis Research Labs conducted a thorough security assessment of SAP SolMan to understand the threat model, how attackers could compromise it and how customers should protect themselves.


About Black Hat

For more than 20 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia. More information is available at: blackhat.com. Black Hat is organized by UBM, which in June 2018 combined with Informa PLC to become a leading B2B information services group and the largest B2B Events organizer in the world. To learn more and for the latest news and information, visit www.informa.com


About Onapsis

Onapsis protects the mission-critical applications that run the global economy. The Onapsis Platform uniquely delivers actionable insight, secure change, automated governance and continuous monitoring for critical systems—ERP, CRM, PLM, HCM, SCM and BI applications—from well-known vendors such as SAP, Oracle and leading cloud applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve more than 300 of the world’s leading brands, including 20% of the Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10 chemical companies, 4 of the top 10 technology companies and 3 of the top 10 oil and gas companies.

The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 800 zero-day vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon—making Onapsis solutions the de-facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.


For more information, connect with us on Twitter or LinkedIn, or visit us at https://www.onapsis.com.


Onapsis and Onapsis Research Labs are registered trademarks of Onapsis Inc. All other company or product names may be the registered trademarks of their respective owners.

Request a Demo from Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.

Request a demo