Application Security , Events , Next-Generation Technologies & Secure Development

Protecting Yourself Against App-Based Malware Attacks

Onapsis' Mariano Nunez on How to Secure Against Application-Based Malware Attacks
Mariano Nunez, co-founder and CEO, Onapsis

The fundamentals of protecting against application-based malware attacks are no different from infrastructure-based attacks, and it is all about having threat intelligence, context and the capability to really understand these applications, said Mariano Nunez, co-founder and CEO at Onapsis.

See Also: The Ever-Increasing Pressure to Develop Secure Code

"In essence, it is like OT security. You have very specific protocols, very specific components and proprietary technology that is really hard to understand and make sure that you can trust but verify," Nunez said.

"If you're doing data management today, you need to extend the program to cover business-critical apps. If you're doing DevSecOps, you can extend your program. Make sure you're protecting custom code on ERP apps, threat detection response, XDR - same thing, same principles, you're just removing that blind spot."

In this video interview with Information Security Media Group at RSA Conference 2023, Nunez also discusses:

  • How to stop money-stealing via ERP apps;
  • Trends in application security;
  • Financial risks associated with attacks on ERP apps.

Nunez drives the strategic direction of Onapsis. He began his career as a cybersecurity researcher and was the first to publicly present at major conferences such as RSA, Black Hat and SANS on cybersecurity risks affecting SAP platforms and how to mitigate them. He was the developer of the first open-source ERP penetration testing framework and has discovered critical security vulnerabilities in SAP, Oracle, IBM and Microsoft applications.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.