Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities
Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native...
What is Kafka?
Introduction to the Universe of Kafka: A Detailed Synopsis Apache Kafka, frequently just labeled as Kafka, is a universally contributed event broadcasting framework, intended to manage live streaming of data. It is engineered to be a bridge for significant volumes of data, offering a mechanism fo...
What is Recovery Time Objective (RTO)?
Grasping the Technique: The Often Misconstrued 'RTO' Unravelled in the Sphere of Business Resiliency At the heart of organisational durability and a tactical roadmap directing towards reestablishing regular operations post-disruptions, lies the often misrepresented 'Recovery Time Objective' RTO...
XDR vs. SIEM
Enhanced Discovery and Resolution, or more commonly known as XDR, serves as a revolutionary model in cybersecurity. It works by combining multiple security apparatuses into a solitary system, thus uplifting the ability for threat detections and subsequent responses. Unlike the standard...
2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery
Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the...
Integrating API Security and WAF into K8s Kong API Gateway
Article by Jiju Jacob, Director of Engineering at Revenera. This is an update of Mr. Jacob’s 05/23 post in his Medium blog. Revenera, born as InstallShield and now a Flexera company, helps software and technology companies use open source solutions more...
What are JWT Injections, and Why do You Need to Know About Them
JSON Web Tokens (JWTs for short) are the new standard for transmitting identity information in the digital age. JWTs are JSON objects that act as an identifier for your user or application. They’re used to authenticate users and securely transmit secrets as part of an API, application, or service...
What does Zero Trust mean for API security?
The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to...
More industry awards for our portfolio
Wallarm is pleased to have been selected as a finalist in the Cyber Security Startup of the Year and Innovative Product of the Year- Cloud Based categories for the 2018 Cyber Security Awards. The Cyber Security Awards were established in 2014, to reward the best individuals, teams and companies...
Understanding Your Monthly Security Reports
When we first start a conversation with our prospects, we are frequently asked, “Just how will I know that Wallarm is working?” To help answer that, let’s take a look at the report we sent to one of our customers last week to understand what kind of threats Wallarm defends against. Wallarm...
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
Webinar: Join us for the latest in API Threats on January 24, 2024
In today's complex digital landscape, the security of APIs has become paramount. As we move into 2024, it's essential to stay ahead of the evolving API security threats and vulnerabilities. The upcoming webinar on "API ThreatStats™ Report: 2023 Year-In-Review" is your quickest way to learn about...
What Is Dynamic DNS
Delving into the Multiple Aspects of the Dynamic Domain Name Protocol (DDNS): A Detailed Scrutiny. DDNS, standing for Dynamic Domain Name System, is an automatic procedure crafted to maintain the synchronization of the data associated with a DNS server. This system functions uninterruptedly to make...
What is Quality of Service?
Dominating an imperative role in boosting the so-called 'efficiency quotient' within a networking system is the Quality of Service or QoS. Let's dive in and explore the crucial components that make QoS pivotal. In essence, QoS is a blend of a multitude of methodologies and hi-tech devices,...
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact...
Wallarm Presenting at BSides Albuquerque
If you’re in the Albuquerque area this Friday and/or Saturday, we hope you’re planning on going to BSides ABQ – it promises to be a fun-filled weekend of learning. The team there has pulled together an interesting set of talks covering a wide variety of topics such as Infosec Ontology, Social...
Learn from the T-Mobile API Breach to Improve Your API Security Program in 2023
A CISO’s job has never been more challenging. Engineering teams move fast, especially as organizations are accelerating their digital transformation efforts. The tech stack is exploding and varies greatly across the organization. And there is a surge of internal, external, and partner APIs. It’s...
RSAC 2022 – The Year of API Security
Not only is RSAC back in person, but API security is coming to the forefront. Wallarm, the G2 leader in Application Security, is thrilled to be back at RSAC where we will show off all of our new API Security capabilities and tools since we last saw everyone in 2020. Highlights of What’s New:...
Scholarship Results
It’s time to sum up the results of the 2021 scholarship! As you know, we extended the scholarship for 1 month until October 30th because there were many applications and few finished papers. By October 30 the situation had not changed: only 1 essay had been added, bringing the total to 4, the number of...
Why You Need to Use Rules in Your Yii2 Framework Models
In the previous article, we described the vulnerability discovered in the Yii2 Framework 2.0.35. In this piece, you'll find out how to prevent it. It's a highly recommended read, especially for web developers who want to quickly check the rule settings and fix a detected vulnerability. Yii is an...
A Match Made in the Clouds
With recent explosion of Kubernetes adoption and Wallarm’s consistent effort to deliver Kubernetes native security offerings, I feel tremendous confidence in our collective ability to stay ahead of the emerging threats in the cloud native ecosystem. The post A Match Made in the Clouds appeared...
What to look for when considering a WAF?
When web-based applications become important components of business IP, protecting these applications is a key part of doing business. Most IT and DevOps professionals are not thinking about whether they need a Web Application Firewall (WAF). Instead, they are trying to decide which WAF is right for...
Introducing the Wallarm 2024 API ThreatStats™ Report
The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...
MQTT vs AMQP
The Initial Overview: Learning about MQTT & AMQP. In the dynamic arenas of Internet of Things (IoT) and cloud computing, communication protocols that are robust, reliable and capable of handling high traffic volumes have become essential. The two protocols that have recently gained significant grou...
What is a Cloud Native Application Protection Platform (CNAPP)?
Revealing the Secrets of the Cloud-specific Application Safety Platform CSASP In the landscape of online safety, the notion of the Cloud-specific Application Safety Platform CSASP is something relatively unheard of, but rapidly gaining popularity. Intuitively from its name, CSASP is a system...
Impact of the New SEC Cyber Incident Reporting Rules on the C-Suite and Beyond
We recently hosted a compact and very engaging panel discussion about the new SEC Cyber Incident Reporting Rules due to come into effect later this year. We were fortunate to be joined by two well-known experts: Sue Bergamo, a CISO, CIO, Board Member, Executive Advisor, and Investor with a track...
Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs
Introduction. In a recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) warned vendors, designers, developers, and end-user organizations of web applications about the dangers posed by Insecure Direct Object Reference (IDOR) vulnerabilities, now commonly referred to as BOLA...
8 KB is not enough: why WAFs can’t protect APIs
WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According to a report by Wallarm, many such vulnerabilities have critical severity, and 33% are immediatel...
10 minutes to secure your Kubernetes application without giving up on customization: Wallarm WAF as a sidecar container with plain Kubernetes manifests
In this series’ previous article, we added the AI-powered Wallarm WAF to our Helm chart bundled application as a sidecar container. As you can see, 10 minutes is the time we need to stop worrying about rules, lists, and attacks, and start focusing on performance, optimization, and deployment. As...
Do you think web passwords are the weakest link in security? Indeed they are.
Between 500K and 500M sets of credentials have been compromised over recent years, according to various sources. Just last week, a compromise of the educational service Edmodo was reported to expose as many as 78M user accounts. At the same time, individual users are exposed to so many...
Wallarm is Kairos Society fellow!
Do you know what Kairos Society is? Frankly speaking, we had never heard of it until the beginning of the year. Now we’re amazed at how lucky we are. Here is why. What is Kairos society? Kairos team reached out to us by saying that we’re one of the nominees for Top50 Innovative Companies 2017 —...
Deep Dive into the Latest API Security Vulnerabilities in Envoy
Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up...
Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to provide dynamic data storage...
Wallarm’s Crusade Against Rising Credential Stuffing Threats
Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for...
How to Protect Your Privacy Online
Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening spectr...
How to Manage Your Security Risks
Deciphering the Criticality of Safeguarding Against Security Threats As digital natives, we are well aware that the urgency and importance of ensuring digital safety can't be minimized. The escalating vector of sophisticated digital attacks has brandished a double-edged sword, threatening both...
Unlocking API Security Excellence: Wallarm at OWASP Global AppSec DC 2023
If you're involved in securing APIs, applications and web applications, or looking to learn about these, then the OWASP Global AppSec DC Conference next week is a must-attend event. Wallarm, the experts in API and application security, will be there, and we're excited to connect with you on Octob...
What is Progressive Delivery?
Delving Into the Essential Elements of Incremental Deployment Incremental deployment is an approach in the realm of software engineering, characterized by a phased release cycle. It allows the introduction of new features or updates to a select user community initially, before rolling them out to...
Mastering API Security: Learn the 3 Key Principles at Kong API Summit 2023
In an era where APIs (Application Programming Interfaces) are the lifeblood of digital interactions, the need for robust API security has never been more critical. According to Gartner research, a staggering 90% of web-enabled applications are predicted to harbor vulnerabilities related to APIs. To...
Wallarm Releases New End-to-End Solution to Reduce Risk and Time-to-Remediate Leaked API Keys and Secrets
Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available San Francisco, CA –BUSINESS WIRE– January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...
Q3-2022 API ThreatStats™ Report
The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it just a lull in the storm? As it turns out, it’s neither. Read on to learn more about Wallarm’s analysis o...
OWASP Top-10 2022: Forecast Based on Statistics
For tech innovators and security experts, what the OWASP Top-10 says or predicts deserves much attention, as this globally recognized document is a guide to hidden and damage-causing security threats. As the year 2022 has begun, people willing to learn about the latest security trends and...
Exporting Nginx Access Logs to an ELK Cluster
The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of attacks. However, an organization may wish to achieve a greater degree of visibility into attack traffic and alerts than is possible via the Wallarm user interface. The Wallarm...
Security Challenges in FinTech – Discussion with Vandana Verma, OWASP
In the digital era, financial institutions serve an increasing number of customers through web and mobile applications. Fintech maintains online security, and OWASP offers pieces of the puzzle to address the challenges. We CAN solve these challenges by leveraging the OWASP community knowledge bas...
Directory Traversal: Examples, Testing, and Prevention
Unveiling the Enigma of Path Navigation: An Exhaustive Exploration and Insight Path Navigation, often referred to as Folder Navigation, symbolizes a kind of security extraction point allowing unauthorized individuals to gain unauthorized access to specific files held within a server's database...
The Future of Cybersecurity
Pioneering the Forward-Thinking Epoch of Internet Safety As we brace for an era anticipated to offer a deeper entwined digital landscape, a profound transformation stirs within the realms of online safety. As we are safeguarding not just personal computers or mobile devices, but also other...
What is Protobuf?
The Introduction: Decrypting Protocol Buffers When navigating through the intricate world of data encoding and decoding mechanisms, Protocol Buffers, or widely known as Protobuf, have carved their position as a dynamic contender. The brainchild of Google, this binary blueprint aims for advanced...
What is a Polymorphic Virus? Detection and best practices
In the ever-evolving sphere of digital tech, the persistent threat of cyber intrusions remains a formidable concern. A notable example is the polymorphic virus, an insidiously clever adversary in the landscape of cyber threats. Let's probe the intrinsic nature, attributes, and behaviors of this...
Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements
We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days. Now the National Credit Union Administration (NCUA) has updated their Cyber Incident Notification Rule, requiring all federally insured Credit Unions to notify the NCUA ...
Take Care of Orphan APIs with Wallarm
The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio. What Are Orphan APIs? Orphan APIs are endpoint...