
548 matches found

Wallarm Lab · added 2018/03/01 9:45 p.m. · 96 views

Application Security Testing — The Wallarm Approach

Testing the security of corporate applications is part of everyday life for Ops and DevOps professionals. Larger companies have whole teams dedicated to independent security testing, called Red Teams. These folks use various tools at their disposal to discover the flaws in both application...

AI score: 7 · Exploits: 0

Wallarm Lab · added 2022/07/13 5:47 p.m. · 95 views

10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm

Ivan Novikov, CEO at Wallarm, is an API security expert, bug hunter, security researcher, and blackhat speaker with 24 years of experience in the cybersecurity field. He spent decades in this industry and witnessed exploits as well as growth. Read ahead to understand Ivan’s API Security journey a...

CVSS: 10 · EPSS: 0.99999 · Exploits: 22

Wallarm Lab · added 2021/04/04 6:47 p.m. · 95 views

http2smugl: HTTP2 request smuggling security testing tool

HTTP/2 has become the de facto standard for the modern web and introduces new application security risks. HTTP/2 request smuggling is one of a few high-severity HTTP/2 vulnerabilities that emerged last year. In this post, we will describe it in detail and suggest an open-source tool, http2smugl...

AI score: 7.3 · Exploits: 0

Wallarm Lab · added 2023/02/02 2:24 p.m. · 94 views

Don’t Let API Leaks Sink Your Ship | API Security Newsletter

Leaks of API keys and other secrets. The industry has been abuzz with news about attacks – and the ongoing ripple effect – involving leaked API keys, credentials and other secrets. This adds another dimension to your API attack surface, which in turn complicates your defenses and adds to your...

AI score: 9.6 · EPSS: 0.69667 · Exploits: 3

Wallarm Lab · added 2019/09/25 12:20 a.m. · 92 views

Autoscaling Wallarm Nodes in AWS, GCP, and Azure

Newly updated Wallarm Node images now natively support autoscaling capabilities in AWS, GCP, and Azure. Updated images are already available in cloud provider marketplaces and can rely on the native auto-scaling to adjust the number of nodes based on traffic, CPU load, and other parameters. What ...

Exploits: 0

Wallarm Lab · added 2019/10/22 3:56 p.m. · 90 views

PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise

When a security researcher found an unusual PHP script while solving an hCorem Capture the Flag task, it revealed that hundreds of millions of users are vulnerable to attack. Learn the deep tech. The post PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise appeared first on Wallarm Blo...

AI score: 2.1 · Exploits: 0

Wallarm Lab · added 2018/12/17 2:23 a.m. · 90 views

App Security and PCI; Are you ready for the audit?

As most people know, merchants, financial institutions and anybody else involved in processing credit cards are subject to PCI DSS compliance to reduce fraud and cybersecurity risks. This affects brick-and-mortar stores and banks as well as card-not-present (CNP) transactions that...

AI score: 7.3 · Exploits: 0

Wallarm Lab · added 2022/07/28 7:38 a.m. · 89 views

API Vulnerabilities Jump Up 3.7x in Q2-2022

Since the beginning of 2022, the Wallarm security research team has been analyzing API vulnerabilities and exploits, and releasing quarterly reports. The Q1 report got a lot of attention and positive feedback from the cybersecurity community, as well as a few valuable ideas and suggestions. We...

CVSS: 10 · AI score: 8.9 · EPSS: 0.99999 · Exploits: 88

Wallarm Lab · added 2023/04/06 2:27 p.m. · 88 views

Changes in OWASP API Security Top-10 2023RC | API Security Newsletter

Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of...

CVSS: 7.5 · AI score: 9.6 · EPSS: 0.99827 · Exploits: 57

Wallarm Lab · added 2023/06/15 2:33 p.m. · 87 views

OWASP APIsec Top-10 2023 Is Here | API Security Newsletter

Welcome to our May API newsletter, recapping some of the events of last month. As the old proverb goes, April showers bring May flowers – and this means the bees at the Wallarm hive have been in full foraging mode and the honey is flowing: lots of updates & improvements to the platform, and much...

CVSS: 7.5 · AI score: 9.1 · EPSS: 0.71641 · Exploits: 10

Wallarm Lab · added 2018/04/21 7:30 p.m. · 87 views

TiE Inflect 2018 announces Wallarm as a 2018 TiE50 Finalist

We are excited to share one more win for the Wallarm team. Wallarm has been selected as a “2018 TiE50 Finalist” for the prestigious TiE50 Awards Program recognizing the world’s most innovative tech startups. This awards competition is part of TiE Inflect 2018, a prominent conference for tech...

AI score: 0.2 · Exploits: 0

Wallarm Lab · added 2019/12/31 1:29 a.m. · 86 views

Cybersecurity: What to Expect in the Year Ahead

So, what lies ahead? Let’s turn over our virtual coffee cups and read the coffee grounds. .... report also shows that as many as 60% of all hacker attacks are using a compromised web application to gain unauthorized access or steal data. The post Cybersecurity: What to Expect in the Year Ahead...

AI score: 2.1 · Exploits: 0

Wallarm Lab · added 2018/11/19 8:54 p.m. · 83 views

Wallarm New Open Source Module and Kaggle Hackathon

A key element of any security solution, whether it's a WAF, NGWAF, RASP or even a SIEM or a classic IDS, is the ability to correctly detect whether an incoming API request is malicious. The traditional way to do it is using signatures and regular expressions (regex). Some sets of signatures are...

AI score: 0.3 · Exploits: 0

Wallarm Lab · added 2020/05/18 9:18 p.m. · 82 views

Securing GraphQL API

Introduction to GraphQL. Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with a built-in query language to access object-oriented data. It's based on JSON-encoded HTTP...

AI score: 0.5 · Exploits: 0

Wallarm Lab · added 2022/03/31 1:49 a.m. · 81 views

Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)

Quick update. There are two vulnerabilities: one 0-day in Spring Core, named Spring4Shell (very severe, exploited in the wild, no CVE yet), and another one in Spring Cloud Function (less severe, CVE-2022-22963). Wallarm has rolled out the update to detect and mitigate both vulnerabilities. No...

CVSS: 7.5 · AI score: 0.2 · EPSS: 0.99939 · Exploits: 36

Wallarm Lab · added 2021/10/15 11:13 p.m. · 81 views

Wallarm starts to highlight CVE to address OWASP Top-10 A6 Vulnerable and Outdated Components

Attacks against known vulnerabilities are one of the most common security risks. Have you seen the updated OWASP Top-10? The risk that used to be A09 Using Components with Known Vulnerabilities is now titled A06:2021-Vulnerable and Outdated Components. This category moved up to 06 from 9 in 2017. We...

CVSS: 4.3 · AI score: 0.2 · EPSS: 0.99992 · Exploits: 148

Wallarm Lab · added 2019/04/26 4:41 a.m. · 81 views

What stealthy attacks are hiding in API data — and why do most WAF miss them?!

What stealthy attacks are hiding in API data — and why do most WAF miss them?! API Data: What is it and how is it saying it? APIs are the blood flow of today’s applications — from online browser-based apps to mobile apps to sophisticated distributed enterprise applications connecting dozens of...

Exploits: 0

Wallarm Lab · added 2018/08/30 1:44 a.m. · 80 views

Wallarm Kubernetes Ingress Controller

Kubernetes is a popular technology which aims to improve how containers, microservices and other distributed components are managed across varied infrastructure. Since it was first announced by Google in 2014, it has grown in adoption and is now one of the leading systems for automated deployment...

AI score: 7.1 · Exploits: 0

Wallarm Lab · added 2020/10/15 3:29 p.m. · 79 views

Cloudflare fixed an HTTP/2 smuggling vulnerability

On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. This security issue took Cloudflare a week to fix and was completed on July...

AI score: 0.1 · Exploits: 0

Wallarm Lab · added 2019/02/20 7:52 p.m. · 79 views

Wallarm Named to the Big50 2018–19 Report on the Top Startups in Tech

Wallarm has been named a “Hot Startup to Watch” in Startup50’s Big50 2018–19 Startup Report. The Big50 2018–19 Startup Report spotlights 50 high-upside startups that have gained a foothold in fast-growth tech sectors. Each year, Startup50 features startups that are poised to upend the status quo ...

AI score: 6.8 · Exploits: 0

Wallarm Lab · added 2018/11/01 1:41 a.m. · 79 views

New GigaOm Report: Path to DevOps Success

This month Wallarm has partnered with GigaOm to help our DevOps customers better understand the industry landscape and strategies to address the challenges of doing things the agile way. GigaOm’s perspective is that of the unbiased enterprise practitioner. GigaOm works directly with enterprises...

AI score: 7.3 · Exploits: 0

Wallarm Lab · added 2017/08/10 4:17 p.m. · 78 views

Wallarm CEO Ivan Novikov joins Forbes Technology Council

White hat security professional and entrepreneur Ivan Novikov has joined the Forbes Technology Council, an invitation-only community that serves as a platform for technology leaders to discuss and solve pressing business challenges with their peers and share their insights with readers on...

AI score: 7 · Exploits: 0

Wallarm Lab · added 2022/06/23 7:14 a.m. · 76 views

Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Background. On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report, CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022...

CVSS: 6.8 · AI score: 0.4 · EPSS: 0.16903 · Exploits: 3

Wallarm Lab · added 2017/11/08 1:21 a.m. · 75 views

From Regular Expressions to AI

Three generations of attack detection methodology. The oldest and best-studied approach is based on signatures and heuristics. Since before the internet era, this approach has been implemented in most kinds of detection systems, from firewalls to anti-viruses. The second generation represents an...

AI score: 7 · Exploits: 0

Wallarm Lab · added 2022/10/26 3:32 p.m. · 73 views

Evolution of API Security – A Practical Guide to Addressing API Threats in 2023

The API security scenarios we witness today were nothing like this in the beginning. The field has gone to great lengths to become as responsive and productive as it is now. How was it in the beginning? What changes has it faced? What more can we expect in the future? If this is what bothe...

CVSS: 10 · AI score: 9.8 · EPSS: 0.99999 · Exploits: 22

Wallarm Lab · added 2019/02/24 6:32 p.m. · 73 views

What to Expect at RSA 2019

Attending RSAC 2019? The week promises to be full of exciting content, useful connections, networking and insights into new security trends. BSides San Francisco. The week will start on March 3rd with the amazing BSides event. The BSides community has continuously raised the bar and put the INFO...

AI score: 8.3 · Exploits: 0

Wallarm Lab · added 2023/11/10 10:27 p.m. · 71 views

Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)

In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and was assigned the identifier CVE-2023-22518. In this blog, we delve into the details of these...

CVSS: 7.5 · AI score: 10 · EPSS: 0.99999 · Exploits: 48

Wallarm Lab · added 2023/05/16 1:58 p.m. · 71 views

ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month's topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It, along with API Security, dominated the 2023 RSA Conference, and there's plenty of digital ink being spilled on the topic. Be sure to wat...

CVSS: 7.5 · AI score: 8.8 · EPSS: 0.35604 · Exploits: 14

Wallarm Lab · added 2019/04/05 2:56 p.m. · 71 views

8 Tips and Best Practices to Build a Solid Cloud Migration Strategy for 2019

Here are eight fool-proof practices that can help you move your workloads to the cloud. A quick look at cloud migration. Cloud migration involves moving an organization’s data storage and IT operations to a cloud network. Cloud computing services are hosted in a multi-tenant environment and can b...

AI score: 0.1 · Exploits: 0

Wallarm Lab · added 2020/02/07 10:46 p.m. · 70 views

Wallarm team is growing!

Wallarm’s unique approach provides actionable insight that identifies and protects against real attacks and vulnerabilities. I’m excited to be part of the team that automates this for modern services and cloud-based applications. The post Wallarm team is growing! appeared first on Wallarm Blog...

AI score: 5.2 · Exploits: 0

Wallarm Lab · added 2018/01/19 7:15 p.m. · 70 views

OWASP Top 10 2017 is Released

The Journey to the New and Improved Ten Most Critical Web Application Security Risks. It was not too long ago that protecting your web server infrastructure consisted of simply placing the servers in their own zone behind the firewall and just opening a couple of ports. Outside of endpoint...

AI score: 7.3 · Exploits: 0

Wallarm Lab · added 2022/05/16 3:36 p.m. · 69 views

Three new API exploits cause GitLab data privacy and availability issues

On May 10, 2022, and May 11, 2022, CVE-2022-1352, CVE-2021-1431, and CVE-2022-1545 were fixed and published in the Gitlab-ORG public repository. There are no technical details or exploits yet, but according to the high-level descriptions and titles, they are going to be critical Gitlab API vulnerabilities tha...

CVSS: 7.8 · AI score: 1.5 · EPSS: 0.01601 · Exploits: 0

Wallarm Lab · added 2019/07/23 6:25 p.m. · 68 views

Defining Wallarm API-specific Rules

Case Study Using the SugarCRM API as an Example. A unique Wallarm AI feature is its ability to automatically detect and parse complicated API protocols and then set up security rules based on specific data or parameters deep inside the API. Once parsed, the system creates the rules based both on where...

AI score: 7.2 · Exploits: 0

Wallarm Lab · added 2018/11/29 7:01 p.m. · 68 views

“Fire Danger Rating” on “High” in Security Climate

November was a scary month in California. After four years of drought, the forests and towns in the northern part of the state exploded into wildfires, displacing thousands of residents and destroying millions of dollars of property. The foul air in San Francisco and the surrounding areas was a...

AI score: 6.9 · Exploits: 0

Wallarm Lab · added 2018/02/20 7:06 p.m. · 68 views

Numbers game: Exploring an Integer Overflow vulnerability in the popular nginx web server.

By @aLLy, Wallarm Research. There was a very interesting vulnerability discovered in nginx, one of the most popular web/proxy/load balancing servers. This vulnerability leaks information about the application behind the nginx proxy. For example, a specially formed request can retrieve information...

AI score: 7 · Exploits: 0

Wallarm Lab · added 2017/08/23 2:50 a.m. · 68 views

Wallarm goes to Singapore

What: Hack In The Box GSEC Singapore 2017. When: August 21st to 25th, 2017. Where: InterContinental Singapore. Why go: REASON 1: Meet Wallarm and find out how to extend your security team with AI. REASON 2: Go to the talk by Ivan Novikov and find out what the...

AI score: 6.8 · Exploits: 0

Wallarm Lab · added 2019/02/11 7:37 p.m. · 67 views

Make Sure Your Security Is Ready for the President’s Day Shopping Spree

By Tony Bradley. The following article was originally written to provide e-retailers with tips and tricks for Black Friday and Cyber Monday shopping. However, with the biggest President's Day spring sales approaching, the best practices and how-tos remain the same. More about e-commerce security...

Exploits: 0

Wallarm Lab · added 2018/09/20 3:41 a.m. · 67 views

Wallarm NG-WAF is Now a Part of Kong Hub to Provide Better Protection for Microservices, APIs and…

Wallarm NG-WAF is Now a Part of Kong Hub to Provide Better Protection for Microservices, APIs and Serverless. Thousands of companies from startups to Fortune 500 enterprises use Kong as their API gateway. With blazingly fast performance, it comes with a perfect feature set for everyone who manag...

AI score: 7.6 · Exploits: 0

Wallarm Lab · added 2019/04/30 8:29 p.m. · 66 views

Is your org structure threatening your IT security infrastructure?

5 Tips to Solve API Security Issues in Any IT Security Infrastructure. Start listening. Integrating isn't enough if your teams aren't talking. In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It's a dangerous...

AI score: 7.5 · Exploits: 0

Wallarm Lab · added 2018/12/20 3:46 p.m. · 66 views

Welcome, Brooke Motta!

By Ivan Novikov. I am excited to announce a great addition to our Go-To-Market team. Brooke Motta has joined Wallarm as Vice President of Sales. Brooke brings 15 years of cybersecurity sales experience to the team. She has experience selling up and down the organization, from an individual securit...

AI score: 0.9 · Exploits: 0

Wallarm Lab · added 2018/10/29 7:15 p.m. · 66 views

Wallarm joins CNCF to promote Kubernetes security

Wallarm has recently joined the Linux Foundation and its sister organization, Cloud Native Computing Foundation. Wallarm will be contributing its AI/ML security expertise within the LF and CNCF communities to support the sustainability and adoption of open source technologies. Wallarm and its...

AI score: 0.3 · Exploits: 0

Wallarm Lab · added 2023/02/11 4:07 p.m. · 65 views

Octopus Strike! Three Argo CD API Exploits In Two Weeks

Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks, three critical vulnerabilities have been detected in the tool, exposing sensitive information and compromising the security of the...

CVSS: 6.5 · AI score: 8.1 · EPSS: 0.00879 · Exploits: 0

Wallarm Lab · added 2017/08/01 11:25 p.m. · 65 views

How to use a single download to remotely steal proprietary files from MacOS

By Anton Lopanitsyn, Wallarm Research Team. Imagine a scary scenario: you open a simple HTML document, and after a little while, your proprietary files, unbeknownst to you, find their way to somebody else's hard drive. Documents, source code, SSH keys, passwords... all the files you, the authorized user...

AI score: 7 · Exploits: 0

Wallarm Lab · added 2017/07/13 1:49 a.m. · 65 views

Meet with Wallarm at BlackHat USA 2017

Meet the Wallarm team at BlackHat USA 2017. Start your day with a good cup of coffee and a hearty breakfast at the PRESS lounge. Join the Wallarm team for breakfast on the last day of the BlackHat conference. Meet and network with like-minded white hat security professionals while fueling up for another day of...

AI score: 6.9 · Exploits: 0

Wallarm Lab · added 2024/07/30 6:52 p.m. · 64 views

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary. A significant vulnerability, CVE-2024-41110, was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch was not applied to other major versions, resulting in a regression. The vulnerability was assigned a CVSS score of 10 (critical)...

CVSS: 9.9 · AI score: 7.3 · EPSS: 0.16496 · Exploits: 0

Wallarm Lab · added 2024/07/01 6:21 p.m. · 64 views

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version...

CVSS: 9.6 · AI score: 8.3 · EPSS: 0.32784 · Exploits: 1

Wallarm Lab · added 2023/08/25 4:50 p.m. · 64 views

API Abuse – Lessons from the Duolingo Data Scraping Attack

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 a...

AI score: 6.9 · Exploits: 0

Wallarm Lab · added 2022/12/09 7:38 p.m. · 64 views

Can ChatGPT be used to attack your APIs? | API Security Newsletter

The winter solstice is fast approaching, along with the end-of-year holidays; before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities, such as weak JWT detection, API Abuse Prevention, API...

AI score: 0.2 · EPSS: 0.51696 · Exploits: 3

Wallarm Lab · added 2024/06/10 4:52 p.m. · 63 views

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw in its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS v3 rating ...

CVSS: 9.8 · AI score: 10 · EPSS: 0.21634 · Exploits: 2

Wallarm Lab · added 2020/06/03 7:56 p.m. · 63 views

Yii2 Gii Remote Code Execution

This article is written specifically for web developers who use the Gii module. We will tell you how we got access to sensitive data on a staging server through Yii2 Gii remote code execution: first in the testing environment, and then in production. Spoiler: we have notified the module developer about the...

AI score: 4.5 · Exploits: 0

Total number of security vulnerabilities: 548