Lucene search
Wallarmlab, Most viewed

548 matches found

Wallarm Lab
added 2018/06/27 6:36 p.m., 33 views

Key Considerations in API security

Every day, there are billions of API calls being executed. These include public APIs, private APIs, SaaS APIs, APIs performing mobile back-end functions and many more. Given the gravity of the threat and the sheer volume of what’s exposed, how do we develop systems that are both safe and robust?...

AI score: 7.6
Exploits: 0

Wallarm Lab
added 2024/10/30 1:4 p.m., 32 views

How to Mitigate the Latest API Vulnerability in FortiManager

Overview of the FortiManager API Vulnerability
Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In...

CVSS: 9.8, AI score: 8.3, EPSS: 0.94761
Exploits: 7

Wallarm Lab
added 2021/10/07 12:57 p.m., 32 views

The Biggest Hacker Attacks on Gambling

Introduction
With online gambling clubs turning into a staple alternative across nations like the United Kingdom, numerous sites are showing up out of nowhere and not all are protected or secure. Numerous club regulars pick to utilize correlation locales, as the UK gambling clubs recorded at...

AI score: 1.1
Exploits: 0

Wallarm Lab
added 2021/08/26 3:14 p.m., 32 views

An Introduction to the Specifics of Start-Ups Security

Security probably would not be too interesting to you at all if you were a liquor store, restaurant, or work in similar sectors of the economy. However, security should definitely be a front-row concept if you are a start-up in the technology space or a business that depends on technology for...

AI score: 6.8
Exploits: 0

Wallarm Lab
added 2020/07/06 10:48 p.m., 32 views

How To Protect Your Kubernetes Cluster with Wallarm – Configuration and Finetuning – part 2 of 3

Wallarm’s Kubernetes Ingress controller is designed to help protect your Kubernetes cluster against cyberattacks. Its built-in web application firewall (WAF) is capable of detecting and blocking a wide range of common attacks against Kubernetes deployments. The previous article in this series...

AI score: 1.2
Exploits: 0

Wallarm Lab
added 2020/02/12 4:40 a.m., 32 views

RSA 2020 – Must Visit

Visit Wallarm at RSA 2020 booth 4118 + see a list of other events going on during the conference for a richer experience. The post RSA 2020 - Must Visit appeared first on Wallarm Blog...

AI score: 3.1
Exploits: 0

Wallarm Lab
added 2019/12/17 5:57 p.m., 32 views

New Wallarm Dashboard

There is an update in the Wallarm Console, which presents a brand new dashboard that can’t be missed. There are three significant changes that are worth mentioning: New structure. The dashboard has a new, clear structure emphasizing multiple modules of the Wallarm Platform — WAF, Scanner, FAST. T...

AI score: 1.3
Exploits: 0

Wallarm Lab
added 2023/10/28 3:1 p.m., 31 views

What is MDR ?

Gaining Insight: Decoding MDR's Functions
As we navigate the continually evolving cybersecurity landscape, Managed Detection and Response (MDR) surfaces as a game-changing strategy. But, what does MDR truly signify? In its purest form, MDR marries technical expertise with sector-specific knowledge ...

AI score: 7.8
Exploits: 0

Wallarm Lab
added 2021/02/11 9:17 p.m., 31 views

E-commerce under Brute-Force attacks: how Wallarm stops it

Most of the Wallarm e-commerce customers are running WAF protection with Brute-Force attacks protection functionality. The post E-commerce under Brute-Force attacks: how Wallarm stops it appeared first on Wallarm...

AI score: 4.2
Exploits: 0

Wallarm Lab
added 2020/06/10 11:14 p.m., 31 views

The Evolution of Cyber Defense

To my knowledge, the first reference to the idea and principles of signatures for detecting network attacks dates back to 1987. This was a scientific paper by Dorothy E. Denning from Stanford Research Institute (SRI). Here's the link to the paper. According to the publication’s records, it was sent t...

AI score: 2.7
Exploits: 0

Wallarm Lab
added 2018/07/24 3:8 p.m., 31 views

Wallarm Recognized on CRN 2018 Emerging Vendor List

We are delighted to share that CRN® has named Wallarm to its 2018 Emerging Vendors List in the Security Category category. The complete Emerging Vendors list will be featured online at www.crn.com/emergingvendor. This list recognizes up-and-coming technology suppliers who are shaping the future o...

Exploits: 0

Wallarm Lab
added 2018/06/21 6:26 a.m., 31 views

HealthTech Security and Compliance, the Practitioner View

A conversation with George Michelson, a long term executive of LiveWatch Services
George, can you tell us a bit about yourself?
I am an IT professional with over 25 years of experience spanning different industries. From 2008 to 2013 I was serving as a vice president of IT for LifeWatch Services,...

AI score: 0.8
Exploits: 0

Wallarm Lab
added 2017/10/31 7:46 p.m., 31 views

Horror Stories and Scarecrows of 2017

It is that time of year again when we collectively conjure up ghosts, witches, monsters and other frightening characters for Halloween chills. As children, these scary fiends may have terrified us, but not so much anymore. Yet as adults, we certainly have genuine horror stories that keep us awake...

AI score: 6.6
Exploits: 0

Wallarm Lab
added 2023/10/14 1:15 p.m., 30 views

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude th...

AI score: 7.5
Exploits: 0

Wallarm Lab
added 2023/09/29 9:19 a.m., 30 views

What Is mTLS? The Essential Guide You Can’t Afford to Miss

Intro: mTLS — The Unsung Hero of Cybersecurity
Picture this: You're a secret agent on a high-stakes mission. You have a briefcase full of confidential information that you need to hand over securely. Sure, you could pass it to another agent, but how do you know you can trust them? Here's where mT...

AI score: 7.1
Exploits: 0

Wallarm Lab
added 2023/01/19 2:2 p.m., 30 views

Introducing Proactive API Leak Management

Read the press release announcing the early release of Wallarm API Leak Management
The recent surge in hacks involving leaked API Keys and other API secrets such as credentials, passwords, certificates, tokens and encryption keys has put everyone involved on notice – organizations need a way to...

AI score: 0.2
Exploits: 0

Wallarm Lab
added 2020/05/12 5:3 p.m., 30 views

Testing ModSecurity for false positives by books texts

The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second one is their inline performance and additional latency, but still. As a cloud-native WAF vendor, we at Wallarm are actively checking our products for false...

AI score: 2.9
Exploits: 0

Wallarm Lab
added 2018/01/23 6:58 p.m., 30 views

Wallarm Podcast: Security Challenges of 2017 and Predictions for 2018

Right before Christmas, we have invited several security professionals to a roundtable event where we discussed how AI is affecting cybersecurity landscape. While we had them on as panelists, we have asked Richard Seiersen, Bill Chen and Sean Todd to share their views on the biggest security...

AI score: 7
Exploits: 0

Wallarm Lab
added 2017/04/07 6:52 p.m., 30 views

The power of Wallarm search engine

In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: "attacks incidents vulns today RCE 502". For a security engineer looking at...

AI score: 7.2
Exploits: 0

Wallarm Lab
added 2023/11/10 6:43 p.m., 29 views

Apigee API Security policies howto

The Genesis of Apigee API Security Guidelines
In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this...

AI score: 7.7
Exploits: 0

Wallarm Lab
added 2023/10/27 9:1 a.m., 29 views

What is Traffic Shaping ?

Unraveling the Enigma of Traffic Modulation
Within the realm of digital information, data traffic parallels a high-speed freeway, ferrying packets of details to-and-fro. So what transpires when there's an excessive influx, leading to an overburdened data expressway? This is where the enigma of...

AI score: 7.6
Exploits: 0

Wallarm Lab
added 2023/10/26 11:19 a.m., 29 views

What is User and Entity Behavior Analytics (UEBA) ?

As the digital world continually transforms at a rapid pace, the necessity for high-grade, reliable safety controls becomes even more crucial. Among a pool of security tactics and tools, User and Entity Behavior Analytics (UEBA) rises as a formidable measure to shield digital commodities. This...

AI score: 7.4
Exploits: 0

Wallarm Lab
added 2023/05/25 6:10 p.m., 29 views

Find APIs Hiding in the Shadows

What’s hiding in the shadows? It’s a well understood reality that unmanaged IT assets tend to be unmonitored IT assets, and that both introduce risk. Whether it’s a forgotten about application, or an unmanaged cloud storage volume, you can’t protect what you don’t know about. Attackers thrive on...

AI score: 7.3
Exploits: 0

Wallarm Lab
added 2023/03/29 1:50 p.m., 29 views

ChatGPT Injection: a new type of API Abuse attack may steal your OpenAI API credits

ChatGPT is spreading like wildfire all over the internet, being used in everything from casual tools to cybersecurity and even industrial applications. It's so popular, I wouldn't be shocked if it starts running a nuclear power plant soon if it isn't already! Using OpenAI's ChatGPT-3.5, ChatGPT-4, an...

AI score: 7.9
Exploits: 0

Wallarm Lab
added 2022/01/29 7:45 a.m., 29 views

Cybersecurity Engineer Guide – Job Description and How to Become

Introduction
The interest for network security occupations is soaring, but the arrangement is at an incredible insufficient. Experts anticipate a 2021 increment of 3,500,000 empty web-based security occupations all over the planet, as shown by the New York Times. Essentially, there aren't sufficie...

AI score: 0.3
Exploits: 0

Wallarm Lab
added 2022/01/17 2:31 p.m., 29 views

SSH Host Based Authentication

Introduction
Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identit...

AI score: 7.7
Exploits: 0

Wallarm Lab
added 2020/09/22 10:8 p.m., 29 views

Exploiting Oracle WebLogic by Remote Code Execution with a /console endpoint restricted

This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It's useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docke...

AI score: 2.3
Exploits: 0

Wallarm Lab
added 2020/02/14 3:54 p.m., 29 views

When your WAF needs its own WAF

Security products have their own security issues, which can affect the products that they were designed to secure. It's not a recursive loop, but reality. WAFs are no exception. You may remember the CloudFlare self-DoS that happened last year...

AI score: 1.4
Exploits: 0

Wallarm Lab
added 2020/02/06 1:5 p.m., 29 views

Native integrations in Wallarm WAF

How to configure sending reports to email? How to get a notification to the messenger about an event requiring a response? How to connect Wallarm and other solutions that use DevOps and the security team? Integrations will help to solve all these issues in Wallarm WAF. And today we'll talk about th...

AI score: 2.5
Exploits: 0

Wallarm Lab
added 2018/01/12 6:19 p.m., 29 views

It’s Not Magic — It’s AI

New Whitepaper On How Wallarm AI Works
“Any sufficiently advanced technology is indistinguishable from magic,” Arthur C. Clarke
Ever wanted to look under the covers of a deep learning/artificial intelligence engine? While deep learning algorithms are generally based on neurons combined into a neura...

AI score: 7
Exploits: 0

Wallarm Lab
added 2024/06/17 8:33 p.m., 28 views

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...

AI score: 7.9
Exploits: 0

Wallarm Lab
added 2024/03/18 3:0 p.m., 28 views

Top 6 Data Breaches That Cost Millions

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital...

AI score: 6.7
Exploits: 0

Wallarm Lab
added 2024/01/24 10:38 a.m., 28 views

Security Testing: Types, Tools, and Best Practices

Opening Note: Understanding the Core Concepts of Security Analysis
Continual developments in technology have elevated the significance of security analysis, a critical phase in software design. You can think of it as a vital diagram within the process of coding, engineered to identify and resolve...

AI score: 8.4
Exploits: 0

Wallarm Lab
added 2023/11/09 6:42 p.m., 28 views

API Leaks

Grasping the Fundamentals of API Breaches
API, short for Application Programming Interface, consists of a stipulated set of guidelines and procedures enabling heterogeneous software applications to establish communication amongst them. Conceptualize it as an interconnecting channel that unites...

AI score: 8
Exploits: 0

Wallarm Lab
added 2023/11/07 12:54 p.m., 28 views

Navigating Threats – Insights from the Wallarm API ThreatStats™ Report Q3’2023

The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report...

AI score: 6.6
Exploits: 0

Wallarm Lab
added 2023/11/06 2:0 p.m., 28 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

AI score: 7.5
Exploits: 0

Wallarm Lab
added 2023/09/23 1:15 p.m., 29 views

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impac...

AI score: 6.8
Exploits: 0

Wallarm Lab
added 2023/08/26 1:45 p.m., 28 views

2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization

Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the...

AI score: 7.1
Exploits: 0

Wallarm Lab
added 2023/06/07 4:15 p.m., 28 views

OWASP API Security Top-10 for 2023 Risk Ratings

As you know by now, the final version of the OWASP API Security Top-10 2023 has been released. At first blush, the final 2023 release seems to retain most of the changes in category naming, language and intent from the 2019 edition which we saw in the RC version. In this post, we are going to...

AI score: 6.8
Exploits: 0

Wallarm Lab
added 2022/10/26 3:39 p.m., 28 views

Wallarm at API World and KubeCon 2022 this week

This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very same time.
API World 2022
Wallarm will be at API World in San Jose starting today. Stop by booth 209 to chat with our apisecurity experts about everything APIs, and check out a demo of Wallarm WAAP...

AI score: 1.5
Exploits: 0

Wallarm Lab
added 2020/08/17 6:17 p.m., 28 views

How to easily protect any Kubernetes application?

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenge...

AI score: 1.8
Exploits: 0

Wallarm Lab
added 2020/03/19 5:53 p.m., 28 views

Protecting gRPC applications and APIs

Wallarm has always stood out from its competitors when it comes to supporting modern stacks. For a long time Wallarm has been the only product to provide comprehensive protection for WebSockets-based web applications. Once again, Wallarm is glad to be the pioneer and add support for the gRPC...

AI score: 3.4
Exploits: 0

Wallarm Lab
added 2017/09/12 7:29 p.m., 28 views

Top-5 stupid security mistakes in web apps

by Ivan Novikov
Image by Byseyhanla Own work CC BY-SA 4.0, article re-posted from
In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used by script kiddie...

AI score: 6.5
Exploits: 0

Wallarm Lab
added 2024/01/29 12:32 p.m., 27 views

OWASP Mobile Top 10

Unraveling the Key Components of the Renowned OWASP Mobile Top 10 Index
The altruistic initiative, Open Network Application Defense Plan (ONADP), spearheads a cluster of operations in its mission to enhance the level of software protection. A cardinal tool emerging from their efforts, The OWASP...

AI score: 7.7
Exploits: 0

Wallarm Lab
added 2024/01/03 6:23 p.m., 27 views

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address...

AI score: 6.9
Exploits: 0

Wallarm Lab
added 2023/11/21 12:7 p.m., 27 views

What Is Network Security Management?

At the Heart of The Matter: Unraveling Essential Elements of Network Safeguard Administration in Digital Space
The sphere of Online Network Safeguard Supervision presents a vast playground, humming with an abundance of methods, protocols, and modern-day tech tools. Together, their role is to...

AI score: 8
Exploits: 0

Wallarm Lab
added 2023/11/02 10:4 p.m., 27 views

What Is Zero Trust Network Access (ZTNA) ?

Unraveling the Mysteries Behind the Zero Trust Network Access (ZTNA) Paradigm
Digital protection strategies have traditionally relied heavily on the concept of trust. However, these conventional notions, which assume a considerable measure of security within an organization's connectivity sphere,...

AI score: 7
Exploits: 0

Wallarm Lab
added 2022/09/16 4:55 p.m., 27 views

How Uber was hacked in 2022

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others. Most likely, Uber understood what had...

AI score: 0.8
Exploits: 0

Wallarm Lab
added 2021/12/02 7:36 a.m., 27 views

Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware

We all know how convenient it is to use tools like Sentry or Datadog for JavaScript events monitoring. They allow catching errors in real-time, organizing and managing the issue resolution process, and genuinely shifting left operations to developers. But Wallarm security experts warn of dangerous patterns ...

AI score: 0.2
Exploits: 0

Wallarm Lab
added 2017/11/26 6:47 p.m., 27 views

HOWTO: Prevent your AWS credentials and other secrets from being exposed in code repositories

Uber had AWS credentials exposed on GitHub. As thousands of other companies do. It has been known for a while that nuggets such as private keys and credentials can be found with the GitHub search functionality or with Google dorks so looking for sensitive information in GitHub repositories is not...

AI score: 7
Exploits: 0

Total number of security vulnerabilities: 548