The Onapsis Security Blog

The world of business-critical application security and compliance is dynamic, with new developments happening on a continuous basis. Read our blog posts for recommendations, insights and observations on the latest news for safeguarding your SAP® and Oracle® applications.

Emiliano Fausto

Security Researcher

Emiliano is a Security Researcher at the Onapsis Research Labs. He is a systems engineer from the UTN and holds a Master's degree in Information Security from Universidad de Buenos Aires (UBA). His work is focused on the research and development of new technologies to boost innovation in Onapsis products. He is a frequent author of the publication "SAP Security Notes Analysis". He works very closely with the engineering teams, implementing research prototypes into the Onapsis product line.

Missing Authorization Checks – SAP Security Notes September 2016

Today is the second Tuesday of September, which means that SAP has released their monthly batch of Security Notes. SAP published 21 SAP Security Notes this month (6 Notes were published after August the 8th) and did not have any Hot News items. Only four Notes this month were considered to be ‘high priority’ (16 were Medium and 1 was Low). Two of the four ‘high priority’ SAP Security Notes are related to the product SAP Adaptive Server Enterprise (SAP ASE - http://go.sap.com/product/data-mgmt/sybase-ase.html):

Denial of Service Attacks: SAP Security Notes August 2016

Today, SAP released their latest batch of monthly Security Notes. Despite this month not being specifically critical, Denial of Service attacks are a central point of concern. A Denial of Service (DoS) attack intends to make one or more resources unavailable. In the case of SAP, DoS attacks could be partial and affect only a specific program or database, or they could be complete, taking all SAP infrastructure offline.

Understanding Clickjacking Attacks: SAP Security Notes July 2016

On the second Tuesday of every month, SAP releases their latest Security Notes. This month there were 36 SAP Security Notes (taking into account 26 Support Packages and 10 Patch Day Notes, and including the ones published after the last second Tuesday). Of these notes, there are two important things to highlight:
