The Onapsis Security Blog

Die Welt der Sicherheit und Compliance-Konformität von geschäftskritischen Anwendungen ist äußerst dynamisch. In unseren Blog-Posts finden Sie Beobachtungen, Einblicke und Empfehlungen zu den neuesten Nachrichten zum Schutz Ihrer SAP®- und Oracle®-Anwendungen.

Nahuel Sanchez

Security Researcher Lead

Nahuel D. Sánchez leads the Security Research Team at Onapsis. His work focuses on performing extensive research of SAP products and its components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporter of vulnerabilities in SAP products and has published several "SAP Security In-Depth" documents. He has presented in several security conferences around the world and delivered SAP Security Training several times in both conferences and big companies. He previously worked as a security consultant, evaluating the security of Web applications and as a Penetration Tester in several worldwide projects. His areas of interest include Web security, Reverse Engineering, and Business-Critical Applications Security.

Blog Banner

Analysis of the SAP HANA Internal Communication Interface

SAP HANA is a very fast growing product in many SAP environments, that has moved away from just an in-memory database to a complete application plus database system. In today’s blogpost we’ll talk about the SAP HANA internal communication interface, discuss its use in different scenarios, the configuration parameters involved and the different options that SAP HANA administrators should consider to secure their systems. We’ll also perform an analysis of the default configuration introduced in SPS 12 reviewing different parameters and how they impact overall security.

Onapsis Publishes 15 Advisories for SAP HANA and Building Components

Onapsis Publishes 15 Advisories for SAP HANA and Building Components

Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business critical application such as SAP and Oracle. In this blogpost, we'll analyze two different vulnerabilities affecting SAP HANA.

Fordern Sie eine kostenlose
Geschäftsrisiko-Illustration an

Untersuchen Sie die Sicherheitslage und das Risiko Ihrer geschäftskritischen Anwendungen, um die möglichen Auswirkungen eines Cyberangriffs auf Ihr Unternehmen zu ermitteln.