Onapsis Latest Publications

SAP Security In-Depth Vol.4

Read Case Study

Westinghouse Electric



The Leading Provider of ERP Security Solutions

Onapsis Inc. is the leading provider of solutions to protect ERP systems from cyber-attacks. Through our innovative software solutions, our global customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks.

ERPs, CRMs, SCMs and other critical applications from SAP and Oracle (E-Business Suite, PeopleSoft, Siebel, JD Edwards) are used by the organizations of all sizes, all around the world to manage their most sensitive business information and processes. However, empirical experience demonstrates that most of these systems are today vulnerable to malicious hacker attacks.

In the past, ERP Security used to be merely a synonym of Segregation of Duties (SoD) controls – the enforcement of strict user authorizations, roles and profiles. While these controls are of absolute importance, they are not enough: threats affecting the ERP application layer have been overlooked by the Audit and Information Security industries, leaving systems exposed to malicious attacks which could cause a dramatic business impact.

Onapsis Inc. has redefined the industry, providing innovative ERP Security software solutions that help leading organizations decrease business fraud risks and enforce evolving compliance requirements, while significantly reducing involved costs.


In 2007, Onapsis' CEO Mariano Nunez held the first public presentation on advanced cyber-threats to SAP systems and developed the first open source SAP Penetration Testing framework, used by thousands of security professionals around the world. After several years of innovative research and field experience performing specialized SAP security assessments, Mr. Nunez unveiled the surprising fact that most SAP platforms were not implemented securely and, therefore, were exposed to dangerous cyber-threats. In 2009, he and Mr. Montero, Onapsis' COO, decided to found Onapsis with a single but challenging mission: safeguard the world's ERP systems through holistic security solutions.

In 2010, Onapsis X1 was released to the market, becoming the first automated SAP Application Security Assessment solution and the only officially certified by SAP Ag, an endorsement for its reliability and outstanding quality. In 2012, the Company announced the first-and-only solution to detect and stop attacks to SAP systems - Onapsis IPS. In that same year, Onapsis' experts Juan Perez-Etchegoyen and Jordan Santarsieri were again the first to publicly lecture on real-world threats to Oracle business-critical applications Siebel and JD Edwards.

Headquartered in Boston and with offices in Latin America, Onapsis continues its rapid expansion and consolidates as the leading ERP Security firm in the market.

Thought-Leadership: The Onapsis Research Labs

At the heart of the Company are the Onapsis Research Labs. This team is composed of world-renowned experts with a proven track-record in the ERP & SAP Security fields, who are working around the clock to identify, assess and design countermeasures to protect against the latest ERP Security threats.

The following are only some of their most notable achievements:

  • Developers of the first opensource ERP Penetration Testing framework, Bizploit.
  • Developers of the first solution to detect backdoors & rootkits in SAP systems.
  • Developers of the first commercial solution for SAP Application Security assessments.
  • Developers of the first Intrusion Detection and Prevention solution for ERP systems.
  • First to publicly lecture on technical security threats to SAP platforms.
  • Leaders in the discovery of critical SAP & ERP security vulnerabilities.
  • Frequently invited to lecture in the major information security conferences of the world, having presented in more than 65 events in 16 countries.
  • Authors of the “SAP Security In-Depth” publication.

Because of their innovative research, Onapsis' experts have been featured in CNN, Reuters, IDG, New York Times, PCWorld, InformationWeek and InfoWorld, among others.

The output of this team is continuously integrated into all Onapsis products and services, providing customers with an unmatched protection of their business-critical assets.

Unique, Award-winning Solutions

Onapsis' solution portfolio include SAP-certified and patent-pending technologies that have revolutionized the ERP security industry.

  • Onapsis X1. Automate your SAP Vulnerability Assessments, Compliance Audits and Penetration Tests.
  • Onapsis IPS. Detect and stop attacks against your SAP systems.

Onapsis X1 is the first-and-only product of its kind to be officially certified by SAP Ag.

Trusted by Leading Organizations

Protecting your most sensitive business platform requires having a trusted partner.

Headquartered in Boston, Onapsis is relied upon leading organizations such as the US Army, AXA Group, Siemens, Deloitte, Westinghouse and others to better protect their ERP platforms.

Contact us or read our Case Studies. We would be pleased to provide you with our outstanding customer references.

Outstanding Partners: The ERP Security Alliance™

Onapsis Partners are some of the largest and best known Consulting Firms, MSP's, and Resellers worldwide, and specialize in providing their customers with Onapsis products, services, and technical support to ensure secure ERP environments.

Select partners include Deloitte, McAfee, Sourcefire and Symantec.

If you are interested in becoming a partner, contact us here.