# Onapsis

> Onapsis is a Boston-based cybersecurity company that secures business-critical applications - the SAP, Oracle and SaaS ERP systems that run the world's largest enterprises. Founded in 2009 by a team of ethical hackers, Onapsis combines a platform for assessing, defending and controlling ERP application-layer security with the threat research of Onapsis Research Labs, which regularly discovers SAP zero-day vulnerabilities and works directly with SAP and CISA. It is the only SAP security and compliance platform certified as a Premium Certified SAP Endorsed App.

- **Founded:** 2009
- **Headquarters:** Boston, Massachusetts, United States
- **Founders:** Mariano Nunez (CEO & Co-Founder), Victor Montero (Co-Founder), Juan Perez-Etchegoyen (Co-Founder & CTO)
- **Team size:** ~380 employees
- **Products:** The Onapsis Platform, Onapsis Assess, Onapsis Defend, Onapsis Control, Onapsis Research Labs
- **Notable:** Only SAP security and compliance platform certified as a Premium Certified SAP Endorsed App., Onapsis Research Labs discovered and helped remediate CVE-2025-31324, a critical SAP zero-day added to CISA's Known Exploited Vulnerabilities Catalog in April 2025., Founders were among the first to publicly present ERP cybersecurity risks at RSA, Black Hat and SANS.

## Products & services

- **The Onapsis Platform** — A unified SAP security and compliance platform delivering automated compliance, vulnerability management, threat detection and secure development across RISE with SAP, S/4HANA Cloud and hybrid SAP landscapes. It is a Premium Certified SAP Endorsed App.
- **Onapsis Assess** — Continuously scans the entire SAP landscape for vulnerabilities, misconfigurations, dangerous interfaces and risky user authorizations, prioritizing what to fix first.
- **Onapsis Defend** — A real-time early-warning system that monitors SAP for unauthorized changes, zero-day exploitation and malicious activity to detect and respond to threats as they happen.
- **Onapsis Control** — Secure development and code security testing for custom SAP (ABAP) code, embedding application security into DevSecOps pipelines.
- **Onapsis Research Labs** — A dedicated threat research team that discovers SAP and Oracle zero-day vulnerabilities, publishes threat intelligence and works directly with SAP and CISA on coordinated disclosure.
- **Security Advisory & Incident Response Services** — Professional services for SAP security assessments, penetration testing and incident response, including a joint SAP incident response offering for RISE with SAP customers.

## Achievements

- Only SAP security and compliance platform certified as a Premium Certified SAP Endorsed App.
- Onapsis Research Labs discovered and helped remediate CVE-2025-31324, a critical SAP zero-day added to CISA's Known Exploited Vulnerabilities Catalog in April 2025.
- Founders were among the first to publicly present ERP cybersecurity risks at RSA, Black Hat and SANS.
- Raised over $115M across four funding rounds from investors including .406 Ventures, Evolution Equity, LLR Partners and NightDragon.
- Celebrated 15 years of SAP security leadership in 2024-2025 with major platform innovation and an expanded SAP partnership.

## Latest updates

- **2026-01** — Expanded go-to-market leadership with three executive appointments - Mark Francetic (Global Head of Partners & Alliances), John LoVerme (Head of North America Sales) and Nadine Rahman (Head of International GTM) - to accelerate partner-led global growth.
- **2025-11** — Q4 2025 platform updates broadened SAP DevSecOps coverage and added deeper visibility and automated defenses across SAP landscapes.
- **2025-09** — Launched SAP Notes Command Center, Rapid Controls for Dangerous Exploits, and Alert on Anything for SAP BTP - the deepest SAP application security posture insights to date.
- **2025-05** — Onapsis Research Labs reconstructed active attacks and disclosed the root cause of the CVE-2025-31324 SAP zero-day, leading to SAP Security Note 3604119 (CVE-2025-42999).
- **2025-04** — Released an open-source scanner for the actively exploited SAP zero-day CVE-2025-31324 after CISA added it to the Known Exploited Vulnerabilities Catalog.

## Links

- Website: https://onapsis.com
- LinkedIn: https://www.linkedin.com/company/onapsis
- Twitter/X: https://twitter.com/onapsis
- YouTube: https://www.youtube.com/c/Onapsis
- Facebook: https://www.facebook.com/onapsis

---

Profile page: https://yespress.io/onapsis
Published by YesPress — https://yespress.io
Last updated: 2026-07-18
