Ezequiel Gutesman

Director of Research

He has led security research projects for the last 8 years, giving talks and presentations at international security conferences. Ezequiel is responsible for Onapsis' innovation in cutting-edge security assessment techniques and defensive technologies for Business Critical Applications.

Details on New Critical Cyber Security Vulnerabilities on HANA-Based Applications

As released earlier today, we’ve published 21 new security advisories detailing unprecedented vulnerabilities affecting all SAP HANA-based applications, including SAP S/4HANA and SAP Cloud Solutions running on HANA. Among these are eight “critical risk” vulnerabilities, six of which are by-design vulnerabilities in SAP HANA that require system configuration changes to be mitigated.

SAP HANA Series: An In-Memory Story

Hello!

In honor of national cyber-security awareness month, we’re kicking off a new blog series focused entirely on securing SAP HANA. In this series, we will discuss everything from what SAP HANA is to newly discovered vulnerabilities, security best practices, and recommendations for remediation. Today, we'll start with a blog post meant to educate the security professional about the SAP HANA Platform.

Onapsis Helps SAP Customers Protect Against 10 New Vulnerabilities Affecting SAP HANA

As many of you know, the Onapsis Research Labs regularly releases security advisories detailing the latest known vulnerabilities on SAP applications. Recently, our team has discovered 10 new vulnerabilities that affect SAP HANA. Among these are two “high risk” vulnerabilities which could be used to abuse management interfaces, access corporate data or modify any system configurations, and render systems unusable.

2014 SAP Security Advisories – A Year in Review and Future Trends

2014 has been an incredible year for SAP security. Advanced threats targeting SAP systems that run business-critical applications are rising at an alarming rate. This year alone there have been 391 security notes to date, with 46% ranking as 'high priority' vulnerabilities. Out of these, our Research Labs reported 44 new vulnerabilities and 35 advisories affecting SAP platforms and related products such as SAP HANA, BusinessObjects, and SAP Business Suite running CRM and ERP.

SAP Security Note 2067859 Potential Exposure to Digital Signature Spoofing

This week, SAP AG published a hot news item titled "SAP Security Note 2067859 (Potential Exposure to Digital Signature Spoofing)", which alerts users to a potential vulnerability in certain cryptographic libraries used in SAP NetWeaver Application Server ABAP and SAP HANA. By abusing these libraries, an attacker could potentially spoof Digital Signatures produced in vulnerable systems (i.e., successfully masquerade as a legitimate user).

Analyzing SAP Security Notes December 2013 Edition

SAP implementations are complex and ever-evolving, whether through changes introduced to your SAP implementation to better serve the business or through newly disclosed vulnerabilities targeting SAP products. To provide a predictable, scheduled flow of security, vulnerability and mitigation information, SAP releases its latest Notes and security information regarding its products on the second Tuesday of every month.

Assessing the security of SAP ecosystems with bizploit: The SAP Management Console

The SAP Management Console (SAP MC) is the centralized system management component. It allows you to monitor and control each SAP instance and to display log and trace files, profiles and other parameters. You can also monitor system alerts and detailed information about memory usage and processes in the system (e.g. Java VM® garbage collection and heap memory).
