8 Tips and Best Practices to Build a Solid Cloud Migration Strategy for 2019
Here are eight fool-proof practices that can help you move your workloads to the cloud. A quick look at cloud migration. Cloud migration involves moving an organization’s data storage and IT operations to a cloud network. Cloud computing services are hosted in a multi-tenant environment and can b...
Visit Wallarm at Google Cloud Next
April 9–11, San Francisco, CA. We are excited to join the community of GCP professionals and demonstrate Wallarm web and API protection solutions custom-built for Google Cloud-powered applications. A certified GCP partner, Wallarm delivers an AI-powered security solution built to help your busine...
Can your Printer Hack your Secrets: Appweb Authorization Bypass
How IoT can pave the way for data breaches: Understanding the Appweb Authorization Bypass An engineering POV into everyday vulnerability. The everyday things you rely on may leave you vulnerable to attack. And it may not be the things themselves, but what is hiding inside. Are your IoT devices,...
What to Expect at RSA 2019
Attending RSAC 2019? The week promises to be full of exciting content, useful connections, networking and insights into new security trends. BSides San Francisco The week will start on March 3rd with the amazing BSides event. The BSides community has continuously raised the bar and put the INFO...
Wallarm Named to the Big50 2018–19 Report on the Top Startups in Tech
Wallarm has been named a “Hot Startup to Watch” in Startup50’s Big50 2018–19 Startup Report. The Big50 2018–19 Startup Report spotlights 50 high-upside startups that have gained a foothold in fast-growth tech sectors. Each year, Startup50 features startups that are poised to upend the status quo ...
Make Sure Your Security Is Ready for the President’s Day Shopping Spree
By Tony Bradley. The following article was originally written to provide e-retailers with tips and tricks for Black Friday and Cyber Monday shopping. However, with the biggest President’s Day spring sales approaching, the best practices and how-tos remain the same. More about e-commerce security...
XXE that can Bypass WAF Protection
by Alex Drozdov, Wallarm Research XXE or XML External Entities is a new issue in the 2017 OWASP Top 10 vulnerability list. This is the only new issue of the set that was introduced based on direct data evidence from the security issues database. XML is commonly used for metadata of everything fro...
Wallarm to Sponsor AppSec Cali
If you are a SecOps or DevOps professional on the West Coast, you cannot miss the premier California application security event: AppSec California, January 22–25th in Santa Monica. Here are testimonials from the previous AppSec Cali events: “I'm looking forward to AppSecCali next week. Last year...
Comparing Wallarm WAF Module to a Generic WAF
Comparing Wallarm Cloud Based WAF to a Legacy WAF What do you do if you need to protect your website from XSS attacks? You patch it and get a WAF. This is common knowledge and there are plenty of places where you could go to get basic protection for your websites. From a free solution to solution...
Hackathon is over: Here are our winners!
A few weeks ago Wallarm launched a hackathon to create a machine learning / AI model to detect attacks among normal web requests. The competition was run on Kaggle as InClass. In this competition, Kagglers were asked to develop models that identify injections among neutral input vectors using...
Welcome, Brooke Motta!
By Ivan Novikov I am excited to announce a great addition to our Go-To-Market team. Brooke Motta has joined Wallarm as Vice President of Sales. Brooke brings 15 years of Cyber Security Sales Experience to the team. She has experience selling up and down the organization from an individual securit...
My Takeaways from the Gartner I&O Conference
By Renata Budko, Wallarm. Last week I spent a few days in Las Vegas with the great folks at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference. Gathered for the conference there were experts from around the world, from analysts to VPs to infrastructure and operations leaders to...
App Security and PCI; Are you ready for the audit?
As most people know, merchants, financial institutions and anybody else who is involved in processing credit cards are subject to PCI DSS compliance to reduce fraud and cybersecurity risks. This affects both brick-n-mortar stores and banks as well as card-not-present (CNP) transactions that...
Six Xmas Gifts for the Pentester in your Life
Some of my best friends are ethical hackers. With the holidays approaching, these special people in my life will need special presents. Whether they are bounty hunting, pentesting as a part of a consulting project, doing security research to advance the field or working on a Red Team, they will...
RCE in PHP or how to bypass disable_functions in PHP installations
Today we will explore an exciting method to remotely execute code even if an administrator set disable_functions in the PHP configuration file. It works on most popular UNIX-like systems. CVE-2018-19518 was assigned to the vulnerability, which was found by a man with the @crlf nickname. Let’s see details...
Wallarm to Sponsor KubeCon + CloudNative Con
If you have not registered yet for the main Kubernetes event in North America which will start on December 10th in Seattle, you may be out of luck. The event is sold out and is only taking the waitlist applications. But if you are going, KubeCon + CloudNativeCon promises to be a treat with the...
“Fire Danger Rating” on “High” in Security Climate
November was a scary month in California. After four years of drought, the forests and towns in the northern part of the state exploded into wildfires, displacing thousands of residents and destroying millions of dollars of property. The foul air in San Francisco and the surrounding areas was a...
Happy graduation, Envoy!
Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. With advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing are required to handle network failures in a fault tolerant and...
FAST or Burp or both?
By @aLLy, Wallarm Research. Hello guys, time to talk details about Wallarm FAST Framework for Application Security Testing. It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for...
Wallarm New Open Source Module and Kaggle Hackathon
A key element of any security solution, whether it’s a WAF, NGWAF, RASP or even a SIEM or a classic IDS, is the ability to correctly detect whether an incoming API request is malicious. The traditional way to do it is using signatures and regular expressions (regex). Some sets of signatures are...
Extending fuzzing with Burp by FAST
I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with apps, what requests look like and to test simple things like XSS injection. At the same time, it’s really hard for me to do something more complicated, like implementing custom fuzzing with having to...
Wallarm now available on Azure
Wallarm is excited to announce the native availability of the Wallarm node on Azure. While in the past Wallarm customers in the Azure environment had to install Wallarm nodes as dynamic modules manually into their Azure instances with NGINX, the new release allows deployment from a pre-configured image...
New GigaOm Report: Path to DevOps Success
This month Wallarm has partnered with GigaOm to help our DevOps customers better understand the industry landscape and strategies to address the challenges of doing things the agile way. GigaOm’s perspective is that of the unbiased enterprise practitioner. GigaOm works directly with enterprises...
Wallarm joins CNCF to promote Kubernetes security
Wallarm has recently joined the Linux Foundation and its sister organization, Cloud Native Computing Foundation. Wallarm will be contributing its AI/ML security expertise within the LF and CNCF communities to support the sustainability and adoption of open source technologies. Wallarm and its...
Here Comes Wallarm
Today we are happy to announce the closing of $8 Million Series A financing. After talking with many venture firms in California, we decided to partner up with Toba Capital, a firm with an excellent understanding of the enterprise market and previous successful investments in security, such as...
Tools to address OWASP Top 10 Risks
In a recent article published by Security Boulevard, we talked about OWASP Top 10 Risk classification and overlap. In this post, we will look into the tools that may help address these risks. To understand what’s possible to cover with which protection mechanisms we can now color-code our OWASP...
Wallarm NG-WAF is Now a Part of Kong Hub to Provide Better Protection for Microservices, APIs and…
Wallarm NG-WAF is Now a Part of Kong Hub to Provide Better Protection for Microservices, APIs and Serverless Thousands of companies from startups to Fortune 500 enterprises use Kong as their API gateway. With a blazingly fast performance, it comes with a perfect feature set for everyone who manag...
Wallarm joins AI Leaders @ AI Summit
Wallarm joins a select group of AI startups and prominent technologists from Nvidia, Netflix, Microsoft and Amazon to participate in AI Summit on September 19–20 at San Francisco’s Palace of Fine Arts. AI Summit puts AI to work by delivering real value in the business. In just 3 years this...
Wallarm Kubernetes Ingress Controller
Kubernetes is a popular technology which aims to improve how containers, microservices and other distributed components are managed across varied infrastructure. Since it was first announced by Google in 2014, it has grown in adoption and is now one of the leading systems for automated deployment...
What’s New in Wallarm Node 2.10
We have recently released a new version of Wallarm Node. After your next update window, you will see some new features your DevOps team is certain to like. Firstly, your monitoring and reporting got a lot livelier. Starting with this version, in addition to JSON format, metrics can be exported in...
BlackHat Week is Coming Up
It’s that time of the year again and our team is packing up to go to Las Vegas. Our theme this year is DevSecOps. As companies are embracing DevOps processes, adopting continuous development and continuous integration and following the agile methodology, it becomes obvious that the old security model o...
Wallarm Recognized on CRN 2018 Emerging Vendor List
We are delighted to share that CRN® has named Wallarm to its 2018 Emerging Vendors List in the Security category. The complete Emerging Vendors list will be featured online at www.crn.com/emergingvendor. This list recognizes up-and-coming technology suppliers who are shaping the future o...
ON PREM vs. CLOUD.
Security and Other considerations. Part 2 By Johan Nordstrom To be able to keep up with the development of new security threats, companies need to rethink their security strategies. The basics must be to decrease complexity and use automated solutions when possible. There has been a change in the...
Neatly bypassing CSP
How to trick CSP into letting you run whatever you want. By bo0om, Wallarm research. Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser can safely load...
Key Considerations in API security
Every day, there are billions of API calls being executed. These include public APIs, private APIs, SaaS APIs, APIs performing mobile back-end functions and many more. Given the gravity of the threat and the sheer volume of what’s exposed, how do we develop systems that are both safe and robust?...
ON PREM vs. CLOUD.
Security and Other considerations. Part 1 By Johan Nordstrom The only constant in this world is change, and these days it’s coming quicker and faster than ever before, as is evident in the explosive market for cloud services. A recent research and analysis from Cisco showed that the global intern...
HealthTech Security and Compliance, the Practitioner View
A conversation with George Michelson, a long term executive of LiveWatch Services. George, can you tell us a bit about yourself? I am an IT professional with over 25 years of experience spanning different industries. From 2008 to 2013 I was serving as a vice president of IT for LifeWatch Services,...
TensorFlow Dataset API for increasing training speed of neural networks
by M. Salnikov, Wallarm Research. Wallarm AI engine is the heart of our security solution. Two key parameters of our AI engine efficiency are how fast neural networks can be trained to reflect the updated training sets and how much compute power needs to be dedicated to the training on the on-going...
Sit-down with Wallarm CTO, Alex Golovko
I have had a chance to pose a few questions to Alexander Golovko, one of the co-founders of Wallarm and our CTO. Here are Alex’s reflections on Wallarm and some technology trends. How did Wallarm get its start? Ivan (Wallarm’s founder) has involved me in various projects on and off since 2010. By...
More industry awards for our portfolio
Wallarm is pleased to have been selected as a finalist in the Cyber Security Startup of the Year and Innovative Product of the Year - Cloud Based categories for the 2018 Cyber Security Awards. The Cyber Security Awards were established in 2014, to reward the best individuals, teams and companies...
Cache poisoning and other dirty tricks
by @bo0om, Wallarm Research Caching is a great technology practice. It makes life better for everybody — clients get the data faster, servers expend fewer resources and so on. There is even a whole CDN industry that was built to deliver caching as a service. There are many examples of caching...
Riccardo Di Blasio joins Wallarm as an advisor
We are excited to welcome Riccardo Di Blasio to the Wallarm advisory team. Riccardo is a well known industry executive who brings his experience running go-to-market operations and managing business worldwide for large internationals like EMC Corp and VMware, including RSA Security. Riccardo’s...
Wallarm Node — now as a Google Cloud image
Today we’re excited to announce native availability of Wallarm Node image for Google Cloud Platform (GCP). Many Wallarm customers and prospects use Google Cloud for its high-performance, scalable infrastructure with excellent price/performance. The ability to customize machine types to customer...
Quick tip: Watch out — restriction by location can be circumvented.
by @Andrey Danau, Wallarm Research If you are like many app developers, you may be using nginx or apache proxy or a web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front...
TiE Inflect 2018 announces Wallarm as a 2018 TiE50 Finalist
We are excited to share one more win for the Wallarm team. Wallarm has been selected as a “2018 TiE50 Finalist” for the prestigious TiE50 Awards Program recognizing the world’s most innovative tech startups. This awards competition is part of TiE Inflect 2018, a prominent conference for tech...
Drupalgeddon Two.
New Drupal Vulnerability in Detail. By @aLLy. The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user to execute commands in the target system by means of a...
Securing Cloud-Native Applications
A conversation with Randy Bias Last week we were able to sit down with Randy Bias — a cloud pioneer and a technology visionary who currently oversees Juniper Networks cloud strategy. We have asked Randy to share his thoughts on the security of private and public clouds and specifically cloud-nati...
What’s New in Wallarm
New features in Wallarm Cloud Dashboard At Wallarm, we subscribe to the continuous delivery methodology. Some of you may have already seen these features as we have been releasing them over the past weeks. For those of you who haven’t, this post will point out all the new shiny improvements for...
Getting ready for May 25th
How Wallarm helps with GDPR. On May 25, 2018 the General Data Protection Regulation (GDPR) becomes enforceable. Both European and international companies are reviewing their existing data processing practices to ensure they are in compliance with the new standard, as the proposed non-GDPR complianc...
Weather Forecast for April — It’s Raining Security Pros
As you are planning out your spring calendar, make sure an April visit to San Francisco is on it. Anchored by RSA Conference 2018, San Francisco will become a center of US security life for a week. The week will start with some training events and, of course, BSides San Francisco. BSides is a...