Lucene search

548 matches found

Wallarm Lab
added 2023/11/13 6:44 p.m.
21 views

CRUD VS REST Explained

In the digital creation field, particularly web building, there exist two phrases that often become a riddle for neophytes and even seasoned coders: CRUD and REST. This pair of notions forms the bedrock of knowledge in comprehending how information is tweaked and relayed across the World Wide We...

AI score: 7.8
Exploits: 0
Wallarm Lab
added 2023/11/10 10:27 p.m.
71 views

Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)

In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and was assigned the identifier CVE-2023-22518. In this blog, we delve into the details of these...

CVSS: 7.5
AI score: 10
EPSS: 0.99999
Exploits: 48
Wallarm Lab
added 2023/11/10 6:43 p.m.
29 views

Apigee API Security policies howto

The Genesis of Apigee API Security Guidelines In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this...

AI score: 7.7
Exploits: 0
Wallarm Lab
added 2023/11/09 6:42 p.m.
28 views

API Leaks

Grasping the Fundamentals of API Breaches API, short for Application Programming Interface, consists of a stipulated set of guidelines and procedures enabling heterogeneous software applications to establish communication amongst them. Conceptualize it as an interconnecting channel that unites...

AI score: 8
Exploits: 0
Wallarm Lab
added 2023/11/08 6:41 p.m.
20 views

EDR vs MDR vs XDR

In the realm of security measures within the digital expanse, we recurrently stumble upon designations, namely, EDR (Endpoint Detection and Response), MDR (Managed Detection and Response), and XDR (Extended Detection and Response). These abbreviations express singular methodologies fashioned to augment...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2023/11/07 12:54 p.m.
28 views

Navigating Threats – Insights from the Wallarm API ThreatStats™ Report Q3’2023

The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report...

AI score: 6.6
Exploits: 0
Wallarm Lab
added 2023/11/07 12:14 p.m.
20 views

12 Cloud Security Issues Risks, Threats and Challenges

Unpacking the Cloud: Appreciating its Importance & Uncovering its Weak Points The cloud has utterly transformed our methods of data storage and retrieval. It has flawlessly woven itself into the fabric of our everyday lives, from a repository for precious memories to a platform that supports...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2023/11/06 2:00 p.m.
28 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

AI score: 7.5
Exploits: 0
Wallarm Lab
added 2023/11/06 11:43 a.m.
18 views

Incident Response Plan: Frameworks and Steps

Gaining Insight: The Imperative for an Electronic Threat Handling Framework As we traverse further into the digital era, the threat of cyber encroachments elevates consistently. This looming risk is a reality for all, from emergent startups to well-established corporations, placing operations in...

AI score: 7
Exploits: 0
Wallarm Lab
added 2023/11/03 9:57 a.m.
18 views

Dark Web Monitoring

Unveiling Dark Web Surveillance: Bolstering Internet Safety Journey with us into the uncharted territories of the internet, where a masked sector called the Dark Net thrives. This secret hub is notorious for harboring unlawful actions ranging from infringed identity to stolen data, bringing for...

AI score: 6.9
Exploits: 0
Wallarm Lab
added 2023/11/02 10:04 p.m.
27 views

What Is Zero Trust Network Access (ZTNA) ?

Unraveling the Mysteries Behind the Zero Trust Network Access (ZTNA) Paradigm Digital protection strategies have traditionally relied heavily on the concept of trust. However, these conventional notions, which assume a considerable measure of security within an organization's connectivity sphere,...

AI score: 7
Exploits: 0
Wallarm Lab
added 2023/11/01 6:01 p.m.
22 views

What is a Polymorphic Virus detection and best practices ?

In the ever-evolving sphere of digital tech, the persistent threat of cyber intrusions remains a formidable concern. A notable example is the polymorphic virus, an insidiously clever adversary in the landscape of cyber threats. Let's probe the intrinsic nature, attributes, and behaviors of this...

AI score: 7.5
Exploits: 0
Wallarm Lab
added 2023/10/31 7:48 p.m.
24 views

What is a Cloud Native Application Protection Platform CNAPP ?

Revealing the Secrets of the Cloud-specific Application Safety Platform (CSASP) In the landscape of online safety, the notion of the Cloud-specific Application Safety Platform (CSASP) is something relatively unheard of, but rapidly gaining popularity. Intuitively from its name, CSASP is a system...

AI score: 7.6
Exploits: 0
Wallarm Lab
added 2023/10/30 7:46 p.m.
20 views

What is a Cloud Workload Protection Platform ? (CWPP)

Diving into the Depths of Cloud Workload Defense Framework (CWDF) Mysteries Setting out to understand cloud security, one frequently encounters the term - Cloud Workload Defense Framework (CWDF). What exact role does CWDF play? Let's decode this riddle. At its core, the Cloud Workload Defense Framewo...

AI score: 7.5
Exploits: 0
Wallarm Lab
added 2023/10/29 3:18 p.m.
26 views

XDR vs. SIEM

Enhanced Discovery and Resolution, or more commonly known as XDR, serves as a revolutionary model in cybersecurity. It works by combining multiple security apparatuses into a solitary system, thus uplifting the ability for threat detections and subsequent responses. Unlike the standard...

AI score: 7.4
Exploits: 0
Wallarm Lab
added 2023/10/28 3:01 p.m.
31 views

What is MDR ?

Gaining Insight: Decoding MDR's Functions As we navigate the continually evolving cybersecurity landscape, Managed Detection and Response (MDR) surfaces as a game-changing strategy. But, what does MDR truly signify? In its purest form, MDR marries technical expertise with sector-specific knowledge ...

AI score: 7.8
Exploits: 0
Wallarm Lab
added 2023/10/27 2:04 p.m.
23 views

Unlocking API Security Excellence: Wallarm at OWASP Global AppSec DC 2023

If you're involved in securing APIs, applications and web applications, or looking to learn about these, then the OWASP Global AppSec DC Conference next week is a must-attend event. Wallarm, the experts in API and application security, will be there, and we're excited to connect with you on Octob...

AI score: 6.9
Exploits: 0
Wallarm Lab
added 2023/10/27 9:01 a.m.
29 views

What is Traffic Shaping ?

Unraveling the Enigma of Traffic Modulation Within the realm of digital information, data traffic parallels a high-speed freeway, ferrying packets of details to-and-fro. So what transpires when there's an excessive influx, leading to an overburdened data expressway? This is where the enigma of...

AI score: 7.6
Exploits: 0
Wallarm Lab
added 2023/10/26 11:19 a.m.
29 views

What is User and Entity Behavior Analytics (UEBA) ?

As the digital world continually transforms at a rapid pace, the necessity for high-grade, reliable safety controls becomes even more crucial. Among a pool of security tactics and tools, User and Entity Behavior Analytics (UEBA) rises as a formidable measure to shield digital commodities. This...

AI score: 7.4
Exploits: 0
Wallarm Lab
added 2023/10/25 2:48 p.m.
21 views

What is Zero Trust Architecture (ZTA) ?

Trust No One, Secure Everything: Unpacking Zero Trust Architecture In the ever-evolving landscape of cybersecurity, the traditional approach of building a robust wall around your network and trusting everything inside it is no longer sufficient. The rise of cloud computing, remote work, and mobil...

AI score: 7.6
Exploits: 0
Wallarm Lab
added 2023/10/24 2:34 p.m.
23 views

What is Progressive Delivery ?

Delving Into the Essential Elements of Incremental Deployment Incremental deployment is an approach in the realm of software engineering, characterized by a phased release cycle. It allows the introduction of new features or updates to a select user community initially, before rolling them out to...

AI score: 7.4
Exploits: 0
Wallarm Lab
added 2023/10/24 4:54 a.m.
15 views

Application Layer Gateway (ALG) Explained: What it is & Why You Need it ?

Snippet When you hear "Application Layer Gateway," or ALG for short, think of it as a network traffic conductor. It's the unsung hero that examines data packets, making sure they follow specific rules and get to where they're supposed to go—securely and efficiently. Quick Facts Definition In the...

AI score: 7.5
Exploits: 0
Wallarm Lab
added 2023/10/22 6:00 p.m.
21 views

Mobile Application Security

Our progression into the digital age has notably changed the way we function. Everything from financial management, online purchases, virtual education, to entertainment—has been compacted into the easily-navigatable universe of apps on our handheld devices. This amplified reliance on mobile...

AI score: 7.3
Exploits: 0
Wallarm Lab
added 2023/10/20 3:13 p.m.
16 views

What is Cloud Migration ?

Dispelling the Fog: Unraveling Cloud Migration In the technological realm, cloud migration is a burgeoning trend that's swiftly taking center stage. However, its definite meaning may not be crystal clear to all. Simply put, cloud migration is the process where essential business constituents such...

AI score: 7.2
Exploits: 0
Wallarm Lab
added 2023/10/19 3:28 p.m.
15 views

What is SSL/TLS ?

In the intricate tapestry of the digital world, threads of information interweave, forming connections, enabling interactions, and crafting narratives. Amidst this, a silent protector—SSL/TLS—ensures that the stories told are safeguarded, secure, and sincere. This comprehensive guide unravels the...

AI score: 6.9
Exploits: 0
Wallarm Lab
added 2023/10/18 4:14 p.m.
9 views

What is The Dark Web ?

The Undernet, a term frequently shrouded in enigma and often linked with unlawful activities, is a concealed segment of the digital world that is purposefully veiled and unreachable via regular internet browsers. This chapter aims to unveil the secrets of the Undernet, step by step demythifying i...

AI score: 7
Exploits: 0
Wallarm Lab
added 2023/10/17 5:13 p.m.
19 views

Elevating Enterprise API Security with Wallarm for MuleSoft Anypoint Platform

In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber...

AI score: 6.8
Exploits: 0
Wallarm Lab
added 2023/10/17 3:58 p.m.
12 views

What is XDR ?

Unpacking XDR: Broadened Acknowledgment and Response In the perpetually advancing domain of digital protection, new lingo and philosophies constantly emerge. Among the more recent additions is XDR, an acronym for Extended Detection and Response. This passage will provide a detailed insight into...

AI score: 7.4
Exploits: 0
Wallarm Lab
added 2023/10/16 4:28 p.m.
13 views

What is WAN Acceleration?

Hook: Network Sluggish? Learn What WAN Acceleration Is Ever been in a virtual meeting that froze at the worst possible moment? Or had your staff grumble about slow data transfers that are as slow as molasses? If your answer is a weary "yes," it's high time to turn your eyes toward WAN Acceleratio...

AI score: 7.6
Exploits: 0
Wallarm Lab
added 2023/10/14 1:15 p.m.
30 views

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude th...

AI score: 7.5
Exploits: 0
Wallarm Lab
added 2023/10/13 5:11 p.m.
9 views

Most Common Types of Cyber Attacks

Pioneering Perspectives on Prevalent Cyber Threats for Beginners Delving into the technology-powered period, it's indispensable to perceive technology as more than just a tool. Indeed, it has become an essential aspect of our day-to-day activities. As we navigate this interconnected realm, it's...

AI score: 9
Exploits: 0
Wallarm Lab
added 2023/10/07 1:25 p.m.
48 views

2023 OWASP Top-10 Series: Spotlight on Injection

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might...

AI score: 8
Exploits: 0
Wallarm Lab
added 2023/09/30 1:15 p.m.
25 views

2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs

Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact...

AI score: 8.1
Exploits: 0
Wallarm Lab
added 2023/09/29 9:19 a.m.
30 views

What Is mTLS? The Essential Guide You Can’t Afford to Miss

Intro: mTLS — The Unsung Hero of Cybersecurity Picture this: You're a secret agent on a high-stakes mission. You have a briefcase full of confidential information that you need to hand over securely. Sure, you could pass it to another agent, but how do you know you can trust them? Here's where mT...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2023/09/28 1:00 p.m.
21 views

Unlocking Seamless API Security: Revenera’s Journey with Wallarm

In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog post, we'll dive into the experience of Rob Davies, VP of Engineering and Lead Architect at...

AI score: 7
Exploits: 0
Wallarm Lab
added 2023/09/26 2:00 p.m.
23 views

Mastering API Security: Learn the 3 Key Principles at Kong API Summit 2023

In an era where APIs (Application Programming Interfaces) are the lifeblood of digital interactions, the need for robust API security has never been more critical. According to Gartner research, a staggering 90% of web-enabled applications are predicted to harbor vulnerabilities related to APIs. To...

AI score: 6.9
Exploits: 0
Wallarm Lab
added 2023/09/23 1:15 p.m.
29 views

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impac...

AI score: 6.8
Exploits: 0
Wallarm Lab
added 2023/09/18 1:15 p.m.
19 views

Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...

AI score: 6.8
Exploits: 0
Wallarm Lab
added 2023/09/16 1:15 p.m.
21 views

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and...

AI score: 6.8
Exploits: 0
Wallarm Lab
added 2023/09/09 1:15 p.m.
26 views

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the...

AI score: 7.2
Exploits: 0
Wallarm Lab
added 2023/09/07 7:11 p.m.
25 views

Wallarm Presenting at BSides Albuquerque

If you’re in the Albuquerque area this Friday and/or Saturday, we hope you’re planning on going to BSides ABQ – it promises to be a fun-filled weekend of learning. The team there has pulled together an interesting set of talks covering a wide variety of topics such as Infosec Ontology, Social...

AI score: 6.8
Exploits: 0
Wallarm Lab
added 2023/09/02 1:15 p.m.
34 views

2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the...

AI score: 7
Exploits: 0
Wallarm Lab
added 2023/08/26 1:45 p.m.
28 views

2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization

Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2023/08/25 4:50 p.m.
64 views

API Abuse – Lessons from the Duolingo Data Scraping Attack

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 a...

AI score: 6.9
Exploits: 0
Wallarm Lab
added 2023/08/24 2:55 p.m.
22 views

Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements

We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days. Now the National Credit Union Administration (NCUA) has updated their Cyber Incident Notification Rule, requiring all federally insured Credit Unions to notify the NCUA ...

AI score: 7.3
Exploits: 0
Wallarm Lab
added 2023/08/21 8:15 p.m.
22 views

Take Care of Orphan APIs with Wallarm

The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio. What Are Orphan APIs? Orphan APIs are endpoint...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2023/08/19 1:45 p.m.
44 views

2023 OWASP Top-10 Series: API4:2023 Unrestricted Resource Consumption

Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the...

AI score: 7.4
Exploits: 0
Wallarm Lab
added 2023/08/18 4:02 p.m.
24 views

Impact of the New SEC Cyber Incident Reporting Rules on the C-Suite and Beyond

We recently hosted a compact and very engaging panel discussion about the new SEC Cyber Incident Reporting Rules due to come into effect later this year. We were fortunate to be joined by two well-known experts: Sue Bergamo, a CISO, CIO, Board Member, Executive Advisor, and Investor with a track...

AI score: 7
Exploits: 0
Wallarm Lab
added 2023/08/12 1:45 p.m.
14 views

2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization

Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the detail...

AI score: 6.8
Exploits: 0
Wallarm Lab
added 2023/08/09 1:15 p.m.
17 views

Drinking Our Own Champagne: Enhancing API Security with FAST

Welcome to another inside story straight from the Wallarm labs. Today we’re taking you behind the scenes of our self-testing journey, showcasing how we "drink our own champagne" by implementing our Framework for Application Security Testing (FAST) to strengthen the security of our APIs. The intent ...

AI score: 7
Exploits: 0
Total number of security vulnerabilities: 548