16 October | 2013
Onapsis becomes the first SAP-certified solution to enable SAP customers to audit and secure their HANA implementations.
IDG News Service - A new tool from security vendor Onapsis aims to secure SAP's in-memory database HANA, the German company's fastest-growing data processing product.
Onapsis, a Boston-based company that specializes in SAP security, will incorporate the tool into its X1 suite, which scans for vulnerabilities and configuration problems in SAP deployments.Read more.
10 October | 2013
Onapsis named one of the top SAP GRC Partners to Watch in 2014
21 September | 2013
Onapsis Helps SAP Customers Secure Solution Manager with new In-Depth Publication
Cambridge, MA - Onapsis Inc., the leading provider of solutions to assess and protect ERP systems from cyber-attacks, today announces the release of the latest SAP Security In-Depth publication featuring the SAP Solution Manager. With this novel information, SAP customers will have a further understanding of the complexities of SAP Solution Manager and how to better secure it within their organizations.
08 September | 2010
Wie sicher ist meine ERP-Anwendung? Diese Frage will der Sicherheitsanbieter Onapsis mit einer neuen Software beantworten. Zunächst für SAP, später sollen weitere Suiten folgen. Read more.
03 September | 2010
Mariano Nuñez Di Croce, director of research and development at Onapsis, said, "For several years, the auditing and IT security industries have considered that the deployment of segregation-of-duties controls was enough to enforce the security of SAP systems. Read more.
02 September | 2010
02 September | 2010
Onapsis Unveils Security Assessment Tool For SAP.
Onapsis, the leading provider of solutions for the security of ERP systems and business-critical applications, today announced the release of a new solution to address the continuously increasing threats to SAP systems: Onapsis X1.Read more.
18 July | 2011
Onapsis X1 Enterprise 2 Achieves Integration Certification With SAP.
Onapsis, the leading provider of cybersecurity, compliance and continuous monitoring solutions for ERP systems and business-critical infrastructure, today announced that Onapsis X1 Enterprise 2 has achieved certified integration with the SAP NetWeaver' technology platform. Read more.
14 May| 2013
Onapsis X1 Provides Cost-Effective SAP Cyber-Risk Management for Fortune 50 Company
11 April| 2013
Onapsis Inc. and PwC Establish Alliance to Provide Onapsis X1 Capabilities to PwC's Customers
In the News
24 May | 2012
Security Researcher Urges IT Managers to Keep up With SAP Patches.
Attackers targeting SAP platforms don't need access credentials to perform these attacks, said Juan Perez-Etchegoyen, CTO of Onapsis, a Buenos Aires consulting firm focused on ERP systems and business-critical infrastructure. Perez-Etchegoyen made his remarks at the Hack in the Box conference in Amsterdam on Thursday. Read more.
16 May | 2012
SAP security must be holistic.
This is according to Juan Perez-Etchegoyen, CTO at ERP security company Onapsis. Speaking at ITWeb's 7th annual Security Summit yesterday, he said ERP systems store the most critical business information in the organisation, and so security must be looked at holistically.
He added that if the SAP platform is breached, an intruder can perform different attacks. These include espionage, where private information is accessed; sabotage, by shutting down the system or deleting critical information; and fraud, where information is modified and tampered with. Read more.
23 February | 2012
New Oracle ERP Vulnerabilities Unmasked.
Researchers today issued security advisories for eight vulnerabilities, some of them critical, in a popular Oracle enterprise resource planning (ERP) application -- but they don't expect many users to actually apply the patches for them.
The flaws discovered by researchers at security firm Onapsis range from holes that could allow an attacker to access all business information and files, query for passwords, and alter business information processed by the ERP, basically taking complete control of the system. Patches for the vulnerabilities were included in Oracle's latest Critical Patch Update release, and these are the first public details of the flaws. Read more.
22 September | 2011
SAP NetWeaver gives Onapsis certification.
SAP environments are often home to an organization's most important business data, making protecting them paramount for enterprise security.
Oftentimes however, securing these environments is considered synonymous with segregation of duties controls, creating for some a false sense of security - one that Onapsis CEO Mariano Nuñez Di Croce is hoping to change. To illustrate his point, the CEO will lay bare details of an authentication bypass vulnerability at the Ekoparty conference today in Buenos Aires.
The vulnerability is the result of a combination of two problems, he explained. First, there is an insecure authentication scheme by design, where the SAP system trusts that connections always come from legitimate authentication proxies. Second, customers failing to properly implement best-practices security settings detailed by SAP, by applying proper network filtering and trust relationships. Read more.
19 July | 2011
Authentication Vulnerability Enables Attackers to Access SAP Systems, Says Expert.
Onapsis is a leading provider of cyber security and offer compliance and monitoring solutions for enterprise resource planning systems. Read more.
02 May | 2011
ERP Apps Often Left Exposed.
Among Oracle's latest round of patches last month were eight flaws in its JD Edwards enterprise resource planning (ERP) applications -- underscoring how ERP apps are often forgotten when it comes to security, overshadowed by database flaws and other worries. Read more.
13 Jan | 2011
SAP Acquires Security As Black Hats Take Aim.
SAP announced it will acquire a chunk of Secude's security business in order to bolster its identity management capabilities. The deal, made for an undisclosed sum, brings security software, identity and access management software and other related assets into the SAP portfolio. In particular, the deal is focused on Secude's Secure Login and Enterprise Single Sign-On products.
12 jan | 2011
SAP Application Security Spotlighted at Black Hat DC.
With more and more SAP systems getting connected to the Web, the security landscape for many organizations is changing. Just how much—and what those changes mean—will be highlighted at the upcoming Black Hat DC conference by Mariano Nuñez Di Croce, director of research and development for Onapsis. Read more.
11 Jan | 2011
Exploits Target SAP Application.
Mariano Nunez Di Croce, director of research and development for Onapsis, will demonstrate bypassing authentication in SAP Enterprise Portal, injecting a backdoor into a compromised SAP Enterprise Portal, internal port-scanning via SAP Web services, and exploiting vulnerable SAP Web services. Read more.
23 November | 2010
Is SAP afraid of a Stuxnet-style attack?
Enterprise software provider SAP is stepping up its security stance as its once-isolated systems become increasingly connected to the Internet, posing new risks as hackers diversify their targets. Read more.
12 August | 2010
Ensuring SAP security on mobile devices means tough encryption, planning.
The good news is that, currently, mobile applications present fewer SAP security concerns than PCs do. Because there are so many different operating systems out there, targeting a huge base of users with a virus is difficult. Read more.
29 July | 2010
Researcher Warns SAP Prone to Back Door Exploits.
In a talk here at the Black Hat security conference, Di Croce argued that SAP deployments could be at risk from back doors, a technique used by hackers to secure future access to a system while remaining undetected. Read more.
14 April | 2010
SAP, Other ERP Applications At Risk Of Targeted Attacks
Backdoor Trojans and rootkits that let attackers gain a foothold and remain entrenched in a compromised system aren't just for Windows PCs anymore -- SAP and other enterprise resource planning (ERP) applications are also susceptible to this form of attack. Read more.
09 April | 2010
Hacker conference to address emerging Web threats.
Facebook's chief security officer, Max Kelly, is scheduled for a keynote presentation on Wednesday morning following two days of training sessions. The last two days of the conference will focus on briefings featuring research into a variety of threats on the Internet and application vulnerabilities. Read more.
07 April | 2010
SAP vulnerability could expose systems to hacking.
* Vulnerability lets hackers make stealth attacks.
* SAP says only vulnerable if customers ignore advice.
* Research to be presented at Black Hat Europe conference.
Companies using SAP AG's (SAPG.DE) business management software could be vulnerable to stealth attacks by hackers if their systems are not properly configured, according to a computer security expert. Read more.