Email Contact Phone Company Visit Website

Location Head Office

101 Arch St, Floor 17




Gianna DeMonte
[email protected]
Back to all Onapsis announcements

Onapsis Helps SAP Customers Mitigate Cybersecurity Risks to SAP Business Applications

Onapsisthe global experts in business-critical application security, today announced it will continue to help educate SAP customers on growing cybersecurity threats to SAP business applications during the 2016 SAP SAPPHIRE NOW + ASUG Annual Conference in Orlando, Florida.

The business-critical application security market is continuing to expand as attacks against platforms such as SAP are now taking a public spotlight. SAP CEO Bill McDermott highlighted the company’s focus on cybersecurity as a driving force for the future in his keynote speech at SAPPHIRE on Tuesday. This comes on the heels of a Department of Homeland Security (DHS) US-CERT Alert issued last week warning about the significance and implications of an SAP vulnerability, patched by SAP over five years ago, that is being leveraged to exploit the SAP systems of many large-scale global enterprises including SAP Enterprise Resource Planning (ERP) and SAP Customer Relationship Management (CRM).

US-CERT Alert (TA16-132A) “Exploitation of SAP Business Applications” is the first-ever U.S. CERT Alert for SAP business applications and affects SAP systems running outdated or misconfigured software. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). Security researchers from Onapsis discovered indicators of exploitation of these vulnerabilities against 36 organizations’ SAP business applications.

“SAP cybersecurity is often an overlooked part of an organization’s security posture as professionals often have little to no visibility into these mission-critical systems. Based on our experience engaging with large SAP customers, we often find vulnerabilities present in systems despite SAP having released patches as far back as 10 years ago. Many organizations lack the proper preventative, detective and corrective controls to secure a company’s SAP applications, and have a reigning false sense of security provided by generic security products. Our goal is to empower executives to mitigate what we believe is one of the most critical types of cyber risk facing organizations,” said Mariano Nunez, CEO and co-Founder, Onapsis.

During SAP SAPPHIRE, Onapsis will showcase its latest threat intelligence, and strategic recommendations to help organization’s better understand how they can better protect themselves from cyber attacks targeting their business-critical applications.