The Onapsis Security Blog

The world of business-critical application security and compliance is dynamic, with new developments happening on a continuous basis. Read our blog posts for recommendations, insights and observations on the latest news for safeguarding your SAP® and Oracle® applications.

Nahuel Sanchez

Nahuel Sanchez

Security Researcher Lead

Nahuel D. Sánchez leads the Security Research Team at Onapsis. His work focuses on performing extensive research of SAP products and its components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporter of vulnerabilities in SAP products and has published several "SAP Security In-Depth" documents. He has presented in several security conferences around the world and delivered SAP Security Training several times in both conferences and big companies. He previously worked as a security consultant, evaluating the security of Web applications and as a Penetration Tester in several worldwide projects. His areas of interest include Web security, Reverse Engineering, and Business-Critical Applications Security.

Thumbnail
Blog Banner

Analysis of the SAP HANA Internal Communication Interface

SAP HANA is a very fast growing product in many SAP environments, that has moved away from just an in-memory database to a complete application plus database system. In today’s blogpost we’ll talk about the SAP HANA internal communication interface, discuss its use in different scenarios, the configuration parameters involved and the different options that SAP HANA administrators should consider to secure their systems. We’ll also perform an analysis of the default configuration introduced in SPS 12 reviewing different parameters and how they impact overall security.

Thumbnail
Onapsis Publishes 15 Advisories for SAP HANA and Building Components

Onapsis Publishes 15 Advisories for SAP HANA and Building Components

Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business critical application such as SAP and Oracle. In this blogpost, we'll analyze two different vulnerabilities affecting SAP HANA.

Request a
Business Risk Illustration

Examine the operational risk and cybersecurity posture of your business-critical applications to determine the potential impact of sub-optimal application performance, unplanned downtime and an attack on your organization’s ERP platforms.

Engage