Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and...
How to easily protect any Kubernetes application?
The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenge...
How Can Deliberately Flawed APIs Help In Mastering API Security?
In our recent webinar titled 'A CISO's Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...
Digital Experience Monitoring | What Is DEM?
Introduction to Digital Experience Monitoring: Illuminating the Basics In an era governed by technology, the satisfaction of an end-user is of utmost importance. It has the power to stimulate or to halt business growth, and frequently determines if a client continues or discontinues their...
Security Operations (SecOps)
Understanding the Basics of Security Operations (SecOps) SecOps represents the blending of cybersecurity proficiency with operational domains, forming a powerful bulwark. Its primary mission lies in safeguarding the fundamental data assets and technological infrastructures of an organization. More...
How to comply with HIPAA requirements
Understanding the Grounds of HIPAA Let's take a deep dive into understanding the broad structure and intent behind the Act for the Secure Management and Duty of Patient Data ASMDPD, a landmark piece of legislation that has deeply transformed the healthcare sector since its inception at the turn o...
VULNERABILITY MANAGEMENT
In any strategy aimed at combating cyber threats, the essential piece is the adequate management of possible weaknesses or points of susceptibility. This concept embodies a broad spectrum of actions covering the spotting, categorizing, ranking, and rectification of possible risk areas within a digita...
CRUD VS REST Explained
In the digital creation field, particularly web building, there exist two phrases that often become a riddle for neophytes and even seasoned coders: CRUD and REST. This pair of notions forms the bedrock of knowledge in comprehending how information is tweaked and relayed across the World Wide We...
What is Zero Trust Architecture (ZTA) ?
Trust No One, Secure Everything: Unpacking Zero Trust Architecture In the ever-evolving landscape of cybersecurity, the traditional approach of building a robust wall around your network and trusting everything inside it is no longer sufficient. The rise of cloud computing, remote work, and mobil...
Mobile Application Security
Our progression into the digital age has notably changed the way we function. Everything from financial management, online purchases, virtual education, to entertainment has been compacted into the easily navigable universe of apps on our handheld devices. This amplified reliance on mobile...
Unlocking Seamless API Security: Revenera’s Journey with Wallarm
In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog post, we'll dive into the experience of Rob Davies, VP of Engineering and Lead Architect at...
2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration
Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and...
Wallarm at Black Hat USA 2023 Booth #3131
Wallarm is excited to be back at Black Hat USA this year and meet with our friends in the community wanting or perhaps needing to learn more about integrated web app and API protection. We look forward to seeing you there! Expo Hours If you’re attending in person, the Business Hall is open for tw...
SOC 2 Compliance During Covid-19 Times
A lot of IT Security Officers responsible for driving the SOC 2 certification in their companies are probably wondering how the switch to mostly remote workspaces will affect their SOC 2 landscape. I would say that there are two types of companies affected or not affected by the coronavirus:...
New from Wallarm Research: First AI-based Tool to Predict Vulnerability Risk
Wallarm Inc., a leading developer of AI-based Web Application security solutions, and Vulners.com, the security database of software vulnerabilities in machine-readable format, today announced the release of a free vulnerability assessment tool that utilizes a unique neural network...
Attackers Abuse TikTok and Instagram APIs
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, an...
What is Mallox Ransomware
Deciphering the Danger: Decoding Mallox Ransomware. Mallox Ransomware embodies a harmful software element, contributing to an ever-expanding repertoire of digital extortion threats. This cyber menace executes its mission by snaking its way into your computer system, applying a cipher to your data...
What is the MITRE ATT&CK Framework?
The Unfolding Complexity of the MITRE ATT&CK System The domain of cybersecurity is akin to an ever-evolving ocean filled with intricacies. In these stormy waters, the MITRE ATT&CK System stands as a beacon of light. It brings some order, serving as a universally available repository storing vario...
FREE Cybersecurity Education Courses
Navigating the nuanced realm of digital defense doesn't need to feel like a herculean task. This section aims to shed light on the intricacies of digital defense and aid you in leveraging freely available Cybersecurity Learning Programs. Deciphering Digital Defense Digital defense, also referred ...
EDR vs MDR vs XDR
In the realm of security measures within the digital expanse, we recurrently stumble upon designations, namely, EDR (Endpoint Detection and Response), MDR (Managed Detection and Response), and XDR (Extended Detection and Response). These abbreviations express singular methodologies fashioned to augment...
12 Cloud Security Issues Risks, Threats and Challenges
Unpacking the Cloud: Appreciating its Importance & Uncovering its Weak Points The cloud has utterly transformed our methods of data storage and retrieval. It has flawlessly woven itself into the fabric of our everyday lives, from a repository for precious memories to a platform that supports...
What is a Cloud Workload Protection Platform ? (CWPP)
Diving into the Depths of Cloud Workload Defense Framework CWDF Mysteries Setting out to understand cloud security, one frequently encounters the term - Cloud Workload Defense Framework CWDF. What exact role does CWDF play? Let's decode this riddle. At its core, the Cloud Workload Defense Framewo...
Insights into the New OWASP API Security Top-10 for CISOs
ICYMI, we recently presented A CISO's Guide to the New 2023 OWASP API Security Update. In this first of two planned webinars, Stepan Ilyin and Tim Ebbers provided an overview of what's in and what's out in the planned update and had a lively discussion about how this impacts your API security plan...
2022 Year-End API ThreatStats™ Report
In 2022, the Wallarm Threat Research team went through almost 350,000 reports to find 650 API-specific vulnerabilities, and tracked 115 published exploits impacting these vulnerabilities – all of which could negatively impact your business risk posture. The 2022 Year-End API ThreatStats™ Report...
Slack GitHub Account Hacked via Stolen Employee API Token
On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private...
Security Manager Guide – Job Description and How to Become
Introduction This guide explains how to become a security manager, as well as the steps to take to get started in this productive and interesting industry. Keep reading to find out about the educational and certification requirements for cybersecurity managers in the workplace. Employers look fo...
Penetration tester Guide – Job Description and How to Become
What is a penetration tester? In the realm of data security, pentesters are the specialists. The aim, as with other PI work, is to identify risks before any potential intruders get a chance to establish their foothold. Bad actors will attempt to take advanta...
What is fuzz testing? What is it used to test for?
Fuzz testing, commonly known as fuzzing, is a software testing technique that involves feeding malformed or random data (fuzz) into a software system to identify coding issues and security issues. Fuzz testing involves injecting data into a system using automated or...
The scholarship deadline extended to October 30
Greetings, dear scholarship recipients! Applications for the scholarship draw should have closed on September 31st, but we are still receiving applications from you. At the moment there were 148 applications and only 3 people managed to submit them in time, now they are sent to our technical...
Latest Bypassing Techniques Beat SOAP/XML API Protection
It is impossible to protect APIs unless you take a deep dive into the protocols implemented over the standard HTTP. Most security tools are not protecting data where it’s most vulnerable, inside the XML schema itself. These encoding attacks are going unflagged by many application platforms, despi...
Google’s lessons in security: bring together security engineering and incident response
Last week during the Google Next conference, we heard an interesting talk where a Google security PM, Andy Chang, explained what Google has learned from preventing, detecting and responding to cyber attacks over the years. Not surprisingly, Google is paying a lot of attention to securing the...
API Attack Surface: How to secure it and why it matters
Managing an organization's attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions to secure the attack surface, such as extended detection and response (EDR or XDR), security information & event...
CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins
Summary A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in a regression. The vulnerability was assigned a CVSS score of 10 (critical)...
Spoutible Enhances Platform Security through Partnership with Wallarm
Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step forward in its mission to ensure user safety, security and data integrity. Recognizing the critical importance of robust API...
Blocking Compromised Tokens with Wallarm
In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private schema. These leaks can occur directly via the API itself, but also via third party tools used to manage...
How to Prepare for a Cyberattack
Deciphering the Cyber Invasion Terrain We exist in an era deeply entrenched in digital dependence, where cyber invasions present significant risks for companies, government establishments, and solitary users. As we hurdle deeper into the digital era, the art of cyber misdemeanors continues to...
What Is Network Segmentation
Unearthing the Basics: Your Guide to Understanding Network Partitioning A fundamental tenet of network partitioning is its critical role in digital defense. But, what does this truly embody? If you were to break it down, network partitioning refers to an approach that segregates a digital system...
What Is Network Detection and Response (NDR)?
Network Detection and Response NDR: Demystifying the Basics The Internet Security Tool known as Network Analysis and Immediate Action NAIA signifies a transformational step in cyber protection. This innovative framework fuses the power of artificial intelligence and the predictive prowess of...
What is RabbitMQ?
Grasping the Basics: What is RabbitMQ? Take a step into the realm of software development, where efficient and smooth interaction between various applications is the linchpin. Here, we bring into the mix RabbitMQ. Going down to brass tacks, RabbitMQ serves as a no-cost message broker tool,...
Elevating Enterprise API Security with Wallarm for MuleSoft Anypoint Platform
In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber...
Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives
Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework CSF. It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...
What Is Local File Inclusion Vulnerability?
Introduction This article clarifies what local file inclusion (LFI) vulnerabilities are, including the way attackers can exploit them on vulnerable web applications and what safe coding practices can help you prevent local file inclusion attacks. File inclusions ar...
What is a Logic Bomb?
Cyber-attacks have become the norm these days: as many as 4,000 attacks are happening every day in the US alone. Bad actors have ample ways to target their victims, and the logic bomb is one of them. A logic bomb virus may seem subtle on the surface but can be profoundly damaging if not taken care ...
Shift to Microservices: Evolve Your Security Practices & Container Security
Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost.
Join Wallarm at ISSA’s Cornerstones of Trust event on June 20th
Next week, the local chapter of the Information Systems Security Association (check them out at http://www.sv-issa.org) is organizing a focused security conference looking into the issues of securing end users, enterprise technologies and security processes. Come meet Wallarm to learn about trends and best...
Understanding the NCSC’s New API Security Guidance
Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK's National Cyber Security Centre (NCSC) has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we'll break down that...
Data Leaks and AI Agents: Why Your APIs Could Be Exposing Sensitive Information
Most organizations are using AI in some way today, whether they know it or not. Some are merely beginning to experiment with it, using tools like chatbots. Others, however, have integrated agentic AI directly into their business procedures and APIs. While both types of organizations are undoubted...
Automated Fingerprint Identification System – AFIS
History of the automated fingerprint identification system There is no doubt that the Computerized Fingerprint Mark Detection Mechanism, usually abbreviated as AFIS, has played a crucial role in strengthening security and in the efficiency of judicial procedures...
Stopping Credential Stuffing Attacks: We Need to Do Better
Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential...