Press Release

Onapsis Releases First In-Depth Publication for Securing Oracle E-Business Suite Applications

Boston, MA – September 14, 2017 – Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today released: “An Introduction to Oracle E-Business Suite Application Security”. As the 14th edition in the Onapsis Security In-Depth publication series, and the first focusing solely on Oracle E-Business Suite (EBS), this guide describes the steps organizations can take to secure Oracle EBS – rated in an August 2017 Ponemon Institute study of close to 600 organizations as the most, or one of the most, critical applications to their operations.

“An Introduction to Oracle E-Business Suite Application Security” also maps how organizations can apply the 2017 Open Web Application Security Project (OWASP) Top 10 most important web application security weaknesses to Oracle EBS. Oracle EBS runs thousands of organizations worldwide. It offers a series of modules that can be integrated with each other, creating a complete business management system which span operations such as Customer Relationship Management (CRM), Finance Management, Human Capital Management, Supply Chain Management, Procurement and many others. The complex configurations and customizations of business-critical applications like Oracle EBS introduce security concerns that, combined with a rising trend in EBS vulnerabilities, if not mitigated properly, are subject to cyberattacks and that could impact the confidentiality, integrity and/or availability of critical business information – at an estimated average cost of $5 million, according to Ponemon.

“Oracle security teams have typically focused on database security or configuring application roles and profiles securely. While both of these security methods are mandatory to any organization, the business application itself represents a massive attack surface that has been overlooked by the Auditing and Information Security practices, despite the fact that these threats could lead to greater business risk. With this publication we hope to give Oracle EBS customers practical steps for looking beyond the database layer to securing the application layer,” said Matias Mevied, Co-Author and Oracle Security Researcher, Onapsis.

An Introduction to E-Business Suite Application Security” is available for download at: https://onapsis.com/introduction-ebs-application-security.

About Onapsis Research Labs™ SAP and Oracle Security Threat Intelligence is produced by Onapsis Research Labs, a team of leading security experts who combine in-depth knowledge and experience to deliver technical analysis with business context and provide sound security judgment to the market. The team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers and has released over 150 advisories to date, with over 100 affecting Oracle EBS; has consulted on impact with over 180 Onapsis enterprise customers; and regularly presents at leading security, Oracle and SAP conferences around the world. Onapsis was the first to deliver “SAP Security In-Depth” publications that provide detailed analysis on security risks impacting SAP and SAP HANA and are now the first to deliver “Oracle Security In-Depth” publications focusing solely on Oracle application security.

About Onapsis Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses. Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market.

Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator. For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn. Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.

###