Onapsis Study Highlights Expanding Spectrum of Cyber Risks Targeting Enterprise Applications


Enterprises urged to take action to gain visibility into vulnerabilities in Oracle JD Edwards, Oracle eBusiness Suite and SAP Enterprise Applications



Onapsis, the global experts in business-critical application security, today released the results of their latest Onapsis Research Labs study “Top Cyber Attack Vectors for Business-Critical Applications.” A preview of the study detailing the growing attack surface in enterprise applications was shared at Black Hat USA in Las Vegas, NV. As enterprise applications come increasingly under attack, Global 2000 organizations are prioritizing enterprise application security. For the first time, the Onapsis Research Labs study includes details of vulnerabilities for Oracle eBusiness Suite and Oracle JD Edwards systems in addition to SAP, providing guidance to address vulnerabilities in the most common applications involved in enterprise business processes.

“Onapsis continues to drive engagement with both SAP and Oracle to help identify and address an ever increasing number of vulnerabilities that are being discovered,” said Mariano Nunez, co-Founder and CEO at Onapsis. “This doesn’t imply that the products are more vulnerable, but instead presents evidence that these products are becoming more targeted by attackers. It is imperative for organizations to secure their enterprise applications by keeping up with patches from vendors, scanning for configuration issues and implementing a continuous monitoring program to proactively detect and respond. Otherwise, the business-critical applications become more exposed to cyber-attacks.”

The Onapsis Research Labs study details vulnerabilities and mitigation strategies across three of the most common business applications used in the Global 2000 including:

  • SAP: The probable anatomy of the cyberattack on USIS, which most likely included a pivot attack from an SAP system of lower security (typically a DEV or QA system) to connect to a critical system (production system) and to execute remote function modules in the destination system.
  • Oracle E-Business Suite: Two possible strategies to abuse Oracle applications that are not only insecure but exposed to untrusted networks. Once the attacker gains access to the application, they will be able to access any business information available and processed in the system.
  • Oracle JD Edwards applications: Because these applications rely on a single proprietary protocol that was designed with limited security requirements, exploitation of architectural flaws in that protocol makes the entire JD Edwards installation vulnerable to attacks. Once the JDE system is compromised, the attacker could extract any business information available and processed in the system.

Business-critical applications are running key business processes and housing the most important data within most of the Global 2000 organizations around the world. Regardless of the vendor who delivers the enterprise application, existing security issues are not being solved by today’s cumbersome patching processes or via security best practices issued by application vendors.

Security teams within organizations should gain visibility into these systems’ vulnerabilities and the subsequent exploits, and should implement preventative, detective and corrective measures to reduce the risk exposure to the business.

For more information, or to obtain a copy of Top Cyber Attack Vectors for Business Critical Applications, please visit: https://onapsis.com/top-cyber-attack-vectors-business-critical-applications.

On Thursday, September 24, 2015, Onapsis will be hosting a webcast to discuss these findings. For more information, or to register, please visit: https://onapsis.com/news-and-events/webcasts/Onapsis-research-study-webcast-top-three-attacks-targeting-business-critical-applications.

About Onapsis
Onapsis provides the most comprehensive solutions for securing business-critical applications. As the leading experts in SAP cyber-security, Onapsis enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps targeting their enterprise applications.
Headquartered in Boston, MA, Onapsis serves over 160 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating SAP applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, which continuously provide leading intelligence on security threats affecting SAP systems. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to date affecting SAP Business Suite, SAP HANA and SAP Mobile deployments.

For more information, please visit http://www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.


Contact Author

Leslie Kesselring
Kesselring Communications
+1 503-358-1012