HomeOnapsis X1Faq

Onapsis Latest Publications


SAP Security In-Depth Vol.4

Read Case Study


Westinghouse Electric

Knowledge pack for SAP® NetweaverTM and R/3®

Why do I need Onapsis X1?

The number of security vulnerabilities affecting SAP solutions is rapidly increasing and, thus, the associated risks. Furthermore, several typical mis-configurations are currently exposing the business critical information to high level risks, such as the possibility of malicious parties performing espionage, sabotage and fraud attacks over vulnerable organizations.


Onapsis X1 will help you to assess the security of your SAP platform in an automated and comprehensive way. Without X1, you would have to invest a many resources in learning what are all the security parameters and aspects of your SAP landscape that you should check, manually connect to each component, download the required information and parse it, either manually or with some specialized tool, understand the involved risks and generate the different reports. All this can be achieved with Onapsis X1 in minutes - on an ongoing basis, not just the one off.

How does it work?

Through our patent-pending technology, Onapsis X1 remotely connects to every component of your SAP platform and performs a deep analysis to detect possible security weaknesses. These checks are stored as signatures in X1's Knowledge Base, the industry's most comprehensive database of SAP security vulnerabilities and mis-configurations. After risks have been detected, you can generate specific actionable reports for different stakeholders in your organization. Furthermore, through the exclusive BizRisk IllustrationTM technology you can safely reproduce vulnerability exploitation and automatically include these results as proof-of-concepts in the generated reports.

Is it dangerous to run Onapsis X1 against Productive servers?

No. Onapsis X1 is designed to automatically exclude checks and exploits that can affect the performance or availability of target systems. Most checks are performed through native interfaces. Sensitive modules, such as denial of service or memory corruption exploits, must be explicitly enabled by the user.

How often is it updated?

As new vulnerabilities are discovered by the Onapsis Research Labs, SAP and the general security community, new signatures are periodically added to the Knowledge Base after extensive QA procedures. Customers will receive monthly updates, containing new signatures as well as new core improvements and add-ons. A Premium subscription is available to suit specific needs for "real-time" vulnerability signatures.

How does licensing work?

Licensing is mainly based on the size of the ERP implementation under analysis, the number of Knowledge Packs required and the time-frame, suiting small and large companies' needs.
Enterprise licensing is based on yearly subscriptions, while Auditing and Security companies can join the Onapsis Partnership Program and obtain per-engagement licenses.
Support is currently provided through email, with industry's standard response time ratios.

How do I request a sales contact?

Please click here and provide us with your contact information. A sales representative will contact you as soon as possible.

How simple is it to use Onapsis X1?

Onapsis X1 is designed to suit different skill-sets. Through many intuitive wizards, you will be able to configure and perform comprehensive vulnerability assessments and policy compliance checks within minutes, even though you may not be experienced SAP security consultant.

If you are a highly skilled security professional, you can opt to use the Interactive mode to perform more fine-grained assessments, through friendly point-and-click actions.

Can I integrate it with my other security solutions?

Yes. Onapsis X1 can produce results in XML format, which can be incorporated into other existing security solutions in your organization.

Does Onapsis X1 support SAP HANA?

Yes, Onapsis X1 can automatically, with no pre-deployed agent like technology discover, fingerprint and audit and assess SAP HANA deployments.

What about other ERP solutions?

Knowledge Packs for other popular ERP solutions are currently under development and will be incorporated in the short term.

What are the system requirements?

The current version of Onapsis X1 has the following requirements:


  • Operating System: Microsoft Windows XP Professional SP3, Microsoft Windows Vista Professional SP2, Microsoft Windows Server 2003 SP2.
  • SAPGUI for Windows (recommended).
  • Browser: Internet Explorer 8 or higher.
  • Processor: 1.5 Ghz or higher.
  • Memory: 2 GB (4 GB recommended)
  • Disk space: 300 MB plus additional space for saving execution sessions.