At Onapsis, we’re not only solution leaders—we’re also thought leaders. Here you’ll find a growing library of materials to help you build your cyber resilience strategy. The more light we can shed on business-critical application security and compliance, the better you can drive your business forward, confidently.

Publications
SAP has issued three HotNews Security Notes for Solution Manager (SolMan), dating back to 2019. The most recent (March 2020) addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption.
Publications
SAP Security
In February 2017, SAP released Security Note 2413716 regarding configuration changes to secure Trusted RFC for GRC Access Control (AC) Emergency Access Management (EAM), which was a High Priority note.
Publications
SAP Security
SAP HANA is being pushed by SAP as the absolute in-memory database for its products, and more recently, as a standalone platform.
Publications
SAP Security
SAP HANA is being pushed by SAP as the absolute in-memory database for its products, and more recently, as a standalone platform.
Publications
SAP Security
When thinking of SAP security we tend to always think of SAP servers and pay little attention to the tools used by end-users that connect to most of our SAP Systems, as well as the way those tools are used.
Publications
SAP Security
Every organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios.
Publications
SAP Security
Implementing proper security controls for a BusinessObjects implementation is a complex process.
Publications
SAP Security
In all SAP implementations there are many reasons why organizations would need to make changes and updates on a regular basis.
Publications
SAP Security
By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, could be completely compromised.
Publications
SAP Security
The SAProuter is one of the most critical components of any SAP implementation. Working as an application-level gateway, it is usually connected to untrusted networks and is intended to restrict access to the backend SAP systems.
Publications
SAP Security
While the comment, SAP platforms are only accessible internally, was true in many organizations more than a decade ago, today, driven by modern business requirements for interconnectivity, SAP systems are very often connected to the Internet.
Publications
SAP Security
SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI).

Request a
Business Risk Illustration

OPERATIONAL RESILIENCY ASSESSMENT

Prevent application downtime and costly business disruption

Request an Assessment
AUDIT EFFICIENCY ASSESSMENT

Eliminate resource consuming manual audit processes

Request an Assessment
CYBER RISK 
ASSESSMENT

Reduce vulnerabilities and misconfiguration to protect the business

Request an Assessment