Press Release

Onapsis Research Labs Surpasses 1,000 Critical Cybersecurity Vulnerabilities Discovered in Business Applications

Onapsis Research Labs, the only security team dedicated to finding and helping mitigate critical vulnerabilities within business applications, reaches material threat intelligence milestone

BOSTON, November 2, 2022Onapsis, the market leader in business application cybersecurity and compliance, today announced it has discovered over 1,000 critical vulnerabilities within SAP and Oracle applications. The team responsible for finding, disclosing, and helping mitigate these vulnerabilities is Onapsis Research Labs. This group of offensive security professionals is the only team dedicated to hunting down vulnerabilities and monitoring how threat actors attack within enterprise resource planning (ERP), supply chain management, customer relationship management, and other business applications. Onapsis Threat Intelligence Cloud combined with this team’s unique expertise allows Onapsis Research Labs to determine tactics, techniques, and procedures used by threat actor groups and ultimately arm customers with this information in the Onapsis Platform. 

With the increase in cyberattacks directly on ERP and other business applications, global enterprises continue to turn to Onapsis for their vulnerability management, threat detection, and response, change assurance, and continuous compliance needs. Onapsis Research Labs is a core reason close to 30% of the Forbes Global 100 rely on Onapsis’ market-leading security solutions to protect their business-critical applications.

“This milestone cannot be overstated for both Onapsis and the ERP security market as a whole,” says Mariano Nunez, Co-founder and CEO of Onapsis. “For the last thirteen years, Onapsis Research Labs has contributed so much to the security community, our partners, and our customers. Discovering and helping mitigate 1,000 vulnerabilities quantifiably underscores the team’s dedication to keeping ERP applications secure, something that wouldn’t be possible without our strategic partnerships with SAP and Oracle.”

This announcement is on the heels of Onapsis’ launch of its Threat Intel Center and its Network Detection Rule Pack. The Threat Intel Center alleviates the burden placed on already-strained security teams by delivering a comprehensive transfer of knowledge, enabling them to efficiently protect their organization while building their expertise in SAP and Oracle security. The Network Detection Rule Pack extends Onapsis Research Lab-powered threat monitoring to the network layer, giving organizations pre-patch protection for the most critical and network-detectable vulnerabilities in business applications. These innovations are examples of Onapsis Research Labs’ threat intelligence providing tangible impact within the Onapsis Platform.

“Our work generates actionable threat intelligence, fueling our technology but also helping us educate the broader communities on how to protect their applications and organizations from growing threats,” says Juan Pablo Perez-Etchegoyen, Co-founder and Chief Technical Officer of Onapsis. “Discovering over 1,000 vulnerabilities is monumental, and when we also consider the criticality of some of these vulnerabilities, the positive impact is even more vast. I am proud to be a part of this achievement and look forward to our continued work with the SAP Product Security Response Team PSRT and Oracle Product Security team to have a material impact on securing business applications.” 

“Onapsis is paving the way for the business-critical application security market,” said Dave DeWalt, Founder & Managing Director of NightDragon and Onapsis board member. “This news signifies the company’s impact on the cybersecurity community and ongoing commitment to protecting the assets that matter most. I look forward to seeing what else the team will accomplish in the months ahead.”

To learn more about Onapsis Research Labs, their research, and findings, visit the Onapsis website or engage with us at one of the following industry conferences. Perez-Etchegoyen will be presenting at API Cybersecurity Conference, one of the largest oil and gas conferences in North America, while members of the Onapsis Research Labs will be presenting and instructing at Black Hat Europe in December.

About Onapsis

Onapsis protects the business applications that run the global economy. The Onapsis Platform uniquely delivers vulnerability management, threat detection and response, change assurance, and continuous compliance for business-critical applications from leading vendors such as SAP, Oracle, and others. The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business-critical applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina, and proudly serves hundreds of the world’s leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.

For more information, connect with us on Twitter or LinkedIn, or visit