Volume IV: The Invoker Servlet – A Dangerous Detour into SAP Java Solutions

SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI). In addition, customers can also deploy their own custom Java applications on these platforms.

In December 2010, SAP released an important white paper describing how to protect these applications against common attacks. Among the security concepts detailed, one was particularly critical: the Invoker Servlet. This functionality exposes SAP platforms to several threats, such as the possibility of completely bypassing the authentication and authorization mechanisms.

This publication analyzes the Invoker Servlet Detour attack, identifying the root cause of this threat, how to verify whether your platform is exposed and how to mitigate it, effectively protecting your business-critical information against cyber-attacks.
