Onapsis to Present Critical ERP Vulnerability Research During Black Hat USA 2023


Security researchers Pablo Artuso and Yvan Genuer set to lead briefing in Las Vegas, demonstrate latest findings on ERP cybersecurity from the Onapsis Research Labs


BOSTON—August 2—Onapsis, the market leader in business application security and compliance, today announced that members of the Onapsis Research Labs (ORL) will be leading a briefing at Black Hat USA 2023, documenting the team’s ongoing research into today's most consequential SAP vulnerabilities, and detailing how customers can mitigate them to protect their business-critical applications.

Now in its 26th year, Black Hat USA is the world’s leading information security event, bringing together some of the sharpest minds in the industry. This year’s conference will take place at the Mandalay Bay Convention Center in Las Vegas, Nevada, and runs from Saturday, August 5 – Thursday, August 10.

During the event, attendees will have an opportunity to hear from Onapsis Lead Security Researcher Pablo Artuso and Sr. Security Researcher Yvan Genuer as they detail the findings of the Onapsis Research Labs' investigation into the family of SAP enterprise software vulnerabilities known as “P4CHAINS,” which have been reported in coordinated disclosure and patched by SAP. Ahead of the upcoming session, Onapsis is today releasing its full report of findings here. More details on the briefing can be found on the Black Hat site and listed below. 


Chained to Hit: Discovering New Vectors to Gain Remote and Root Access in SAP Enterprise Software

At the core of every business, there will always be a mission-critical application system. Despite the significance of these systems, organizations continually overlook their security, putting businesses at elevated risk of exploitation. This presentation will highlight the Onapsis Research Labs' months-long research efforts into a series of chainable vulnerabilities discovered in SAP’s P4 protocol, the foundation of key SAP applications like Enterprise Resource Planning (ERP), Supply Chain Management (SCM), and Customer Relationship Management (CRM).

  • Date: Wednesday, August 9th | 10:20 a.m. - 11:00 a.m. PT
  • Location: Islander HI, Level 0 | Mandalay Bay Convention Center, Las Vegas, NV
  • Presenters: Onapsis Lead Security Researcher: Pablo Artuso & Sr. Security Researcher: Yvan Genuer


“Our team continues to work closely with SAP to identify and mitigate zero-day vulnerabilities, and P4CHAINS is another great outcome of this strategic partnership,” said Mariano Nunez, CEO and co-founder of Onapsis. “It’s always an honor to be able to highlight the contributions of the hard-working Onapsis Research Labs on one of the biggest stages in information security. This presentation will illustrate the true complexity of securing critical applications, how these known vulnerabilities can leave organizations exposed and what they need to do to protect themselves.” 

Onapsis will be hosting threat briefings and business meetings alongside NightDragon at Mandalay Bay’s executive suites during the two-day main conference. During this time, Onapsis’ security experts will be available to chat through best practices for securing SAP and Oracle business applications. 

“It’s phenomenal to see Black Hat further highlighting the critical importance of ERP application security research. It is one of the weakest links in major enterprises, especially as they move these applications to the cloud,” says Dave DeWalt, Former CEO, FireEye, McAfee, Documentum and Founder & CEO of NightDragon. “Onapsis has the foremost experts in ERP application threat hunting, and it will be eye-opening for many organizations to see how vulnerability chaining can have far-reaching consequences, also affecting the crown jewels and most regulated applications for the Global Fortune 2000.”

To learn more about how Onapsis can help secure your business application landscape in today’s increasingly interconnected environment, schedule a meeting with the Onapsis team at Black Hat USA here: https://onapsis.com/blackhat-23


About Onapsis

Onapsis protects the business applications that run the global economy. The Onapsis Platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors such as SAP, Oracle, and others. The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina, and proudly serves hundreds of the world’s leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.

For more information, connect with Onapsis on Twitter or LinkedIn, or visit https://www.onapsis.com.

