News & Events

Press Releases


  • Your expert source for strategies, research and information to achieve business-critical application security success.


Stay Engaged

Featured Article

  • ERP: Protecting the pipeline by focusing on business-critical platforms


New Onapsis SAP Security In-Depth Publication Helps SAP Customers Securely Configure their SAP Transport Management System

Cambridge, MA - December 10th, 2013 Onapsis Inc. the leading provider of ERP cyber security solutions, announces the release of the latest Onapsis SAP® Security In-Depth publication detailing how to understand and secure the SAP Transport Management System (TMS). By using the information provided in this publication, SAP customers will be able to gain visibility into the vulnerabilities affecting TMS and how an attacker could abuse common misconfigurations to exploit their systems. Just as importantly, the publication discusses the main concepts and components involved in configuring and maintaining TMS securely.

Juan Perez-Etchegoyen, CTO of Onapsis and industry thought-leader, manages the Onapsis Research and Engineering teams. “The SAP Transport Management System is a key component in the separation of systems (Dev/QA/Prod). If this system is not properly configured, maintained and secured it can become vulnerable to different types of attacks. We are continuously researching on current and future threats to SAP systems, and the TMS was an obscure component until this publication. This only helped the bad guys as organizations did not know the threats they were facing,” stated Juan.

Mariano Nunez, CEO of Onapsis, leads the company’s business and product strategy. “At Onapsis, our goal is to protect SAP systems from cyber attacks. By empowering SAP customers to understand the need to implement security beyond Segregation of Duties (SoD) Controls, and mitigate risks affecting the cyber (NetWeaver/technical) layer of their implementation, we continue to fulfill our mission. For the past seven years, we have been giving presentations and publicly speaking about this topic at major security conferences. With these publications, we can continue to help Information Security and Audit professionals understand these risks, and how to mitigate the potential business impact if they are exploited,” commented Mariano.

The publication can be downloaded from the Onapsis website by Clicking Here. Onapsis is pleased to also announce Juan Perez-Etchegoyen, Onapsis’ CTO, will be presenting a one hour educational webcast reviewing the details of the publication, providing real-life examples of the risks covered in the white-paper and techniques to mitigate them. The Webcast will take place on December 17th at 2:00pm EST; click here to register for the webcast.

About Onapsis

Onapsis gives organizations the adaptive advantage to succeed in securing business-critical applications by combining technology, research and analytics. Onapsis enables every security and compliance team an adaptive approach to focus on the factors that matter most to their business– critical applications that house vital data and run business processes including SAP Business Suite, SAP HANA and SAP Mobile deployments.

Onapsis provides technology solutions including Onapsis X1, the de-facto SAP security auditing tool, and Onapsis Business-Critical Application Security Platform which delivers enterprise vulnerability, compliance, detection and response capabilities with analytics.

The Onapsis Research Labs provide subject matter expertise that combines in-depth knowledge and experience to deliver technical and business-context with sound security judgment. This enables organizations to efficiently uncover security and compliance gaps and prioritize the resolution within applications running on SAP platforms.

Onapsis delivers tangible business results including decreased business risk, highlighted compliance gaps, lower operational security costs and demonstrable value on investment.

Twitter: @onapsis