Details on New Critical Cyber Security Vulnerabilities on HANA-Based Applications

As released earlier today, we’ve published 21 new security advisories detailing unprecedented vulnerabilities affecting all SAP HANA-based applications, including SAP S/4HANA and SAP Cloud Solutions running on HANA. Among these are eight “critical risk” vulnerabilities, six of them by-design vulnerabilities in SAP HANA, which require system configuration changes in order to be mitigated.

Oracle fixes 154 Software Vulnerabilities in October 2015

As a company, Onapsis is focused on securing business-critical applications such as SAP and Oracle. An important part of our research relies on identifying and reporting critical vulnerabilities in Oracle business applications in order to help Oracle customers reduce the risk to their organization.

SAP HANA Series: An In-Memory Story


In honor of National Cyber Security Awareness Month, we’re kicking off a new blog series focused entirely on securing SAP HANA. In this series, we will discuss everything from what SAP HANA is, to newly discovered vulnerabilities, security best practices, and recommendations for remediation. Today, we'll start with a blog post meant to educate the security professional about the SAP HANA Platform.

Onapsis Helps SAP Customers Protect Against 10 New Vulnerabilities Affecting SAP HANA

As many of you know, the Onapsis Research Labs regularly releases security advisories detailing the latest known vulnerabilities on SAP applications. Recently, our team has discovered 10 new vulnerabilities that affect SAP HANA. Among these are two “high risk” vulnerabilities which could be used to abuse management interfaces, access corporate data or modify any system configurations, and render systems unusable.

Onapsis Review of New ISACA Book

When talking about IT control standards, ISACA[1] is one of the top reference organizations. For people in the “audit & controls” world, ISACA is a common word. For those who don’t know, ISACA is an independent, nonprofit organization focused on the development of industry-leading knowledge and practices for information systems. ISACA released a new version of its SAP security guide, Security, Audit and Control Features – SAP ERP 4th Edition, which is a very complete guide to auditing different processes in SAP from a technical point of view.

Oracle publishes 193 new vulnerabilities in July 2015 CPU

As a company, Onapsis is focused on the security of business-critical applications such as SAP and Oracle. While our focus is on SAP applications, we have been doing research on Oracle business applications as well, identifying and reporting critical vulnerabilities. In this sense, Oracle is different from SAP, specifically in the way and timing in which security patches are released and made available to end users.