Press Release

Onapsis Helps SAP Customers Mitigate Cybersecurity Risks to SAP Business Applications at 2016 SAP SAPPHIRE NOW + ASUG Annual Conference

Boston, MA – May 18, 2016 – Onapsis, the global experts in business-critical application security,today announced it will continue to help educate SAP customers on growing cybersecurity threats to SAP business applications during the 2016 SAP SAPPHIRE NOW + ASUG Annual Conference in Orlando, Florida from May 17 – May 19, 2016.

The business-critical application security market is continuing to expand as attacks against platforms such as SAP are now taking a public spotlight. SAP CEO Bill McDermott highlighted the company’s focus on cybersecurity as a driving force for the future in his keynote speech at SAPPHIRE on Tuesday. This comes on the heels of a Department of Homeland Security (DHS) US-CERT Alert issued last week warning about the significance and implications of an SAP vulnerability, patched by SAP over five years ago, that is being leveraged to exploit the SAP systems of many large-scale global enterprises including SAP Enterprise Resource Planning (ERP) and SAP Customer Relationship Management (CRM).

US-CERT Alert (TA16-132A) “Exploitation of SAP Business Applications” is the first-ever U.S. CERT Alert for SAP business applications and affects SAP systems running outdated or misconfigured software. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). Security researchers from Onapsis discovered indicators of exploitation of these vulnerabilities against 36 organizations’ SAP business applications.

“SAP cybersecurity is often an overlooked part of an organization’s security posture as professionals often have little to no visibility into these mission-critical systems. Based on our experience engaging with large SAP customers, we often find vulnerabilities present in systems despite SAP having released patches as far back as 10 years ago. Many organizations lack the proper preventative, detective and corrective controls to secure a company’s SAP applications, and have a reigning false sense of security provided by generic security products. Our goal is to empower executives to mitigate what we believe is one of the most critical types of cyber risk facing organizations,” said Mariano Nunez, CEO and co-Founder, Onapsis.

During SAP SAPPHIRE, Onapsis will showcase its latest threat intelligence, and strategic recommendations to help organization’s better understand how they can better protect themselves from cyber attacks targeting their business-critical applications.

Onapsis booth at the SAP SAPPHIRE Conference: #1474

To schedule a time to speak with an Onapsis expert while at SAPPHIRE, please visit:

To download a copy of Onapsis’ threat report “The Tip of the Iceberg: Wile Exploitation & Cyber-attacks on SAP Business Applications,” please visit:

About Onapsis

Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ patented solutions enable security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator.

For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.