archive

Why SAP customers need DevSecOps now more than ever

Setting DevSecOps goals is a key component for aligning mission-critical application functionality with business needs. However, these goals create challenges for teams supporting SAP mission-critical applications. With multiple technologies, architectures, and a lack of unified development sets, SAP application developers handle changes through manual coding and change processes.

Errors in custom code can create quality, security, and compliance issues that impact application integrity and open the door to vulnerabilities. In fact, research shows there is more than one security or compliance issue per 1,000 lines of ABAP code, with a typical SAP environment averaging 2,150 issues. An analysis to find mistakes in SAP custom code should be mandatory but doesn’t always occur. Secure coding is seldom taught, and pre-production analysis is rare. This type of automated code analysis during development, or at least integration into the dev environment, is only used by a small set of SAP customers.

During this presentation, Onapsis CTE Fred Weidemann will explain why the DevSecOps process is core to continuous improvement in mission-critical applications. Perez-Etchegoyen will explain the steps needed to ensure SAP application availability, avoid costly repairs, eliminate downtime, establish a security baseline, and continuously monitor for misconfigurations and vulnerabilities.

Attend this session to understand how a robust DevSecOps process can:

  • Help accelerate application delivery and key projects, such as SAP S/4HANA transformation and cloud migrations
  • Find and fix security, compliance, and quality issues in custom code and transports that could impact performance, availability, and uptime
  • Avoid critical issues that can result in delays or rework by checking code, transports, and package completion prior to release
  • Analyze code, transports, configurations, and authorizations against established baselines throughout the SDLC
  • Help continuously monitor for risks, suspicious activity, and other threats to ensure applications remain protected and compliant once in production



MEET THE AUTHORS

Fred Weidemann Onapsis

Frederik is a cybersecurity expert and Chief Technical Evangelist at Onapsis. He has presented over 50 times at SAP and security-related conferences including RSA, Troopers, SAPPHIRE, TechEd, SAPinsider, ASUG, DSAG, and OWASP. He has focused on SAP security for the last 14 years and is the co-author of the first book on secure ABAP programming. Frederik also frequently writes articles on SAP security and has found numerous zero-day defects in mission-critical applications.



Automating risk management at the speed of threats

With an increase in malicious cyber activity, organizations are racing to secure their mission-critical applications powered by SAP. An increase in exploitable vulnerabilities means your essential applications, the data running through them, and your operations as a whole are at risk. In this session, we will highlight the current risks organizations are facing and share how automating risk management can help you keep pace with emerging threats. Attend this session to:

  • Understand the need for automated visibility into the risk posture of your systems
  • Create a broader risk management program that includes a view of mission-critical assets needing protection
  • Learn how to mitigate SAP risks to your data and applications



MEET THE AUTHORS

Alex Horan Onapsis

Alex Horan, Vice President of Product Management for Onapsis, is responsible for the development of ERP vulnerability assessment, testing and securing solutions. Alex has over 18 years of experience working within the IT security industry, covering both software and hardware. He brings a deep knowledge and understanding of vulnerability assessment and penetration testing, as well as systems and network administration and auditing, to his work at Onapsis. Alex has previously worked for mid- and large-sized companies helping to design and maintain their security posture.



Onapsis Webinar Series - Securing the Intelligent Enterprise from Cyberattacks - 3 live session dates!

Webinar - Live Sessions on 6/16, 6/21, and 6/24

Join Onapsis and SAP as we highlight how to address security and compliance issues so you can protect your mission-critical applications.

In this interactive roundtable session, we will discuss the latest threat landscape targeting SAP applications, the importance of keeping up with patches and the need to continuously assess and monitor SAP applications to quickly detect and respond to issues and threats—keeping you protected. Learn how you can integrate SAP applications into your cybersecurity and governance, risk and compliance (GRC) programs. By attending this session, you will learn:
  • How threat researchers work with SAP to continually improve security for customers
  • Recent threat landscape discoveries and recommendations for a secure and compliant SAP landscape
  • The benefits of this partnership for SAP customers
  • How to assess your SAP applications for vulnerabilities and misconfigurations
  • Why you need to continuously monitor for internal and external threats to ensure your mission-critical applications are protected
  • How to ensure digital transformation initiatives are successful and protected, despite an expanding threat landscape

For your convenience, this live session will be presented on 3 separate dates. Register now using the corresponding buttons below:

Wednesday, June 16th – 10:00 AM EST

Monday, June 21st – 16:00 CET

Wednesday, June 24th - 10 AM PST

MEET THE AUTHORS

Juan Perez-Etchegoyen CTO, Onapsis

JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs. JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group. Over his professional career, JP has led many information security consultancy projects for some of the world's biggest companies in the fields of penetration and web application testing, vulnerability research, cybersecurity infosec auditing/standards and more.

Siddhartha Rao SAP

Siddhartha Rao is the Vice President in charge of Product Security Response at SAP and the author of the best-selling Teach Yourself C++. As the owner of policies and processes governing responsible disclosure at SAP, he is widely consulted on secure development and operations best practices. Passionate about security and data protection, Siddhartha looks forward to sharing thoughts that help secure SAP customers the world over.

Securing the Intelligent Enterprise from Cyberattacks

Webinar - Thursday June 24th at 1pm ET

Join Onapsis and SAP as we highlight how to address security and compliance issues so you can protect your mission-critical applications.

In this session we will discuss the latest threat landscape targeting SAP applications, the importance of keeping up with patches and the need to continuously assess and monitor SAP applications to quickly detect and respond to issues and threats—keeping you protected.

Learn how you can integrate SAP applications into your cybersecurity and governance, risk and compliance (GRC) programs. By attending this interactive roundtable, you will learn:

  • How threat researchers work with SAP to continually improve security for customers
  • Recent threat landscape discoveries and recommendations for a secure and compliant SAP landscape
  • The benefits of this partnership for SAP customers
  • How to assess your SAP applications for vulnerabilities and misconfigurations
  • Why you need to continuously monitor for internal and external threats to ensure your mission-critical applications are protected
  • How to ensure digital transformation initiatives are successful and protected, despite an expanding threat landscape

MEET THE AUTHORS

Juan Perez-Etchegoyen CTO, Onapsis

Siddhartha Rao SAP

Securing the SAP Landscape Against Cyber Threats Benchmark Report

Over the past several years SAP systems have increasingly been targeted for cybersecurity attacks as they contain some of the most critical data within the organization. Part of the reason for this is the fact that those SAP systems are increasingly becoming more connected with each other, with applications like SAP SuccessFactors and SAP Ariba now connected with other financial and ERP systems. But another factor is that there is more information on potential exploits and security flaws being found and shared. Combined with a now largely remote workforce where user roles and access may have broadened to facilitate teams that are no longer under the same roof, systems are now at risk more than ever.

Read the report to:

  • Discover what drives security for the SAP landscape.
  • Understand how SAPinsiders approach securing their SAP landscape.
  • Find out which technologies are being used to secure SAP systems.
  • Learn the top requirements for cybersecurity.
  • Gain your steps to success.



Cloudy with a chance of security & compliance

Security and compliance continue to be the top concerns for migrating to SAP S/4HANA in the cloud, even above performance, flexibility, and cost. That’s because, ultimately, it’s still your responsibility to ensure the security of your data and applications – even if they reside in someone else’s datacenter. Fortunately, a strong cloud provider and the right tools can take security from a project roadblock to an accelerator, while keeping your data and applications protected along the way.

Join Google and Onapsis for an open dialogue on best practices for SAP S/4HANA transformations and running SAP in the cloud, including discussion on:

  • Shared security models and how to “trust but verify” your cloud provider’s environment
  • Security best practices at the application level
  • How to build security into SAP S/4HANA transformation projects from the start and maintain that posture throughout deployment and beyond
  • Real world examples from SAP S/4HANA and cloud migration success stories


MEET THE AUTHORS

Michael Harding Google Cloud

Mike has spent all of his 20+ year career in the SAP space, with a focus on technology and architecture. Spanning a variety of roles as a consultant, partner, and even as a full-time customer practitioner, Mike has a breadth of experience across the SAP ecosystem, including early adoption of cloud technologies for SAP applications. He joined Google Cloud in early 2020, and is responsible for driving partner success and Go To Market motions, with a lens towards enabling customers’ digital transformations. Mike lives in the Boston area, and aside from spending quality time with his wife and their two children, he enjoys cooking, outdoor activities, or a good house project.

Juan Perez-Etchegoyen CTO, Onapsis



Securing the SAP Landscape Against Cyber Threats Benchmark Webinar

Over the past several years SAP systems have increasingly been targeted for cybersecurity attacks as they contain some of the most critical data within the organization. Part of the reason for this is the fact that those SAP systems are increasingly becoming more connected with each other, with applications like SAP SuccessFactors and SAP Ariba now connected with other financial and ERP systems. But another factor is that there is more information on potential exploits and security flaws being found and shared. Combined with a now largely remote workforce where user roles and access may have broadened to facilitate teams that are no longer under the same roof, systems are now at risk more than ever.

Attend the webinar to:

  • Discover what drives security for the SAP landscape.
  • Understand how SAPinsiders approach securing their SAP landscape.
  • Find out which technologies are being used to secure SAP systems.
  • Learn the top requirements for cybersecurity.
  • Gain your steps to success.


Securing the Intelligent Enterprise from Cyberattacks

Roundtable - Monday June 21 at 10 AM ET

Join Onapsis and SAP as we highlight how to address security and compliance issues so you can protect your mission-critical applications. In this session we will discuss the latest threat landscape targeting SAP applications, the importance of keeping up with patches and the need to continuously assess and monitor SAP applications to quickly detect and respond to issues and threats—keeping you protected. Learn how you can integrate SAP applications into your cybersecurity and governance, risk and compliance (GRC) programs. By attending this interactive roundtable, you will learn:

  • How threat researchers work with SAP to continually improve security for customers
  • Recent threat landscape discoveries and recommendations for a secure and compliant SAP landscape
  • The benefits of this partnership for SAP customers
  • How to assess your SAP applications for vulnerabilities and misconfigurations
  • Why you need to continuously monitor for internal and external threats to ensure your mission-critical applications are protected
  • How to ensure digital transformation initiatives are successful and protected, despite an expanding threat landscape

MEET THE AUTHORS

Juan Perez-Etchegoyen CTO, Onapsis

Siddhartha Rao SAP

Securing the Intelligent Enterprise from Cyberattacks

Roundtable - Wednesday June 16 at 10 AM ET

Join Onapsis and SAP as we highlight how to address security and compliance issues so you can protect your mission-critical applications. In this session we will discuss the latest threat landscape targeting SAP applications, the importance of keeping up with patches and the need to continuously assess and monitor SAP applications to quickly detect and respond to issues and threats—keeping you protected. Learn how you can integrate SAP applications into your cybersecurity and governance, risk and compliance (GRC) programs. By attending this interactive roundtable, you will learn: 

  • How threat researchers work with SAP to continually improve security for customers
  • Recent threat landscape discoveries and recommendations for a secure and compliant SAP landscape
  • The benefits of this partnership for SAP customers
  • How to assess your SAP applications for vulnerabilities and misconfigurations
  • Why you need to continuously monitor for internal and external threats to ensure your mission-critical applications are protected
  • How to ensure digital transformation initiatives are successful and protected, despite an expanding threat landscape

MEET THE AUTHORS

Juan Perez-Etchegoyen CTO, Onapsis

Siddhartha Rao SAP