A look at the OWASP Top 10 most critical web application security risks
I was given the privilege last week of addressing attendees at the inaugural CyberSecurity for SAP Customers conference in Las Vegas on the topic of GDPR. Specifically, I presented the topic 'Mapping Your SAP Systems to GDPR Compliance Requirements'.
While still only in release candidate form, the currently proposed changes to the OWASP Top 10 Application Security Risks provide clear guidance for any enterprise that needs to secure and protect its critical business applications. In general, the OWASP Top 10, including the two newly proposed categories, can be applied directly to an approach and methodology for securing ERP-based business applications and systems.
As the Onapsis Security Platform continues to be adopted more widely across global enterprises, we have received an overwhelming number of requests to integrate OSP with our customers' existing SIEM solutions. Based on these requests, we are excited to announce that we have officially launched an integration with Splunk Enterprise. This is our second SIEM integration, following the IBM QRadar integration we launched earlier this month.
I’m excited to announce that Onapsis has just developed new functionality that provides users with virtual patching for SAP systems. This capability gives organizations immediate protection from SAP-specific vulnerabilities as soon as the Onapsis Security Platform identifies new cybersecurity risks and compliance violations. This is a huge achievement for business-critical application security! Information security and SAP Basis teams now have the time they need to properly evaluate, test and apply the related SAP Security Notes and patches.
This week you will have seen, on our Twitter account (@Onapsis) or on other security news feeds such as PacketStorm, the publication of six advisories discovered by the Onapsis Research Labs affecting SAP. In a past blog post, Securing Your SAP Through Research, I talked about the importance and value of the security research we do here at Onapsis.
Picture someone walking through a section of your business and simply scanning your business-critical data, financial records and other ERP information straight out of the building. It sounds like something out of Star Trek, but according to a report published by Antone Gonsalves on CSO Online, this has already happened to at least half a dozen large European and US companies.
SAP takes its responsibility to help customers stay secure seriously. It has released the SAP HANA Security Guide to help customers deploy HANA securely. SAP Security Guides are nothing new; they define a minimum benchmark for a securely deployed SAP system.
In the latest Notes Tuesday, Onapsis was credited with discovering and reporting almost half (10 out of 23) of the vulnerabilities addressed by SAP. Depending on how you do the math, that is alternatively three quarters or one third: only 13 of the Notes were attributed to third-party security researchers, and Onapsis discovered 10 of those; and while SAP released 23 Security Notes on Notes Tuesday itself, it had also released an additional 10 Notes since the previous Notes Tuesday, bringing the total for the period to 33.