Onapsis Releases Security Solution for SAP Applications

Onapsis, a provider of business-application cyber resilience, is introducing its Business Risk Illustration assessment for business-critical applications for SAP.

Onapsis’s Business Risk Illustration provides valuable insights into the existing risk posture of an organization's SAP applications, custom code, and systems.

The assessment measures the severity of misconfigurations and vulnerabilities and the risk they pose to the business, providing compliance, IT and security leaders quantitative data that allows them to more effectively communicate business and cyber risk to the executive team and the board of directors.

On May 2, 2019, the Department of Homeland Security issued a US-CERT alert on 10KBLAZE, its third communication in less than three years, regarding the growing threat to enterprise resource planning applications and systems.

Onapsis issued a threat report on the 10KBLAZE exploits, which can lead to full compromise of an organization’s SAP application infrastructure and deletion of all business data, including the modification or extraction of material, highly-sensitive and regulated information.

The Business Risk Illustration program offers a customer organization access to Onapsis’s team of dedicated research experts.

Using a software-backed services engagement approach, where no credentials are provided by the customer, the Onapsis team mimics the behavior of an attacker, identifying the target systems within the organization’s network and detecting existing vulnerabilities, weaknesses in custom code and misconfigurations.

The customer’s SAP applications and systems are rated against the Onapsis’s Business Application Risk Maturity Model, which scores an organization’s risk maturity on a six-stage scale ranging from healthy to high risk. 

The corresponding output provides information technology and security leaders with a quantitative, actionable framework to inform SAP cybersecurity, compliance and cloud migration initiatives.

“There is a disconnect between security leaders, the executive team, and the board, caused by an inability to quantify security risk reduction in a way that is meaningful to the business,” said Shane MacDonald, Vice President of Solution Engineering at Onapsis. “Our Business Risk Illustration assessment arms IT, Information Security and Internal Audit leaders with quantitative data that will facilitate meaningful conversations around how to prioritize security, compliance and cloud investments to better protect business-critical applications.”

For more information about this platform, visit