Native integrations in Wallarm WAF

How to configure sending reports to email? How to get a notification to the messenger about an event requiring a response? How to connect Wallam and other solutions that use DevOps and the security team? Integrations will help to solve all these issues in Wallam WAF. And today we'll talk about th...

The most cited Wallarm researches in 2019

Our researchers are constantly working on information security issues and in 2019 we published dozens of articles on this topic. Stay with us and let's make the IT world safer together! The post The most cited Wallarm researches in 2019 appeared first on Wallarm Blog...

Putting Wallarm Management Console on a Fast Track

With this update we significantly reduced Elasticsearch load and thereby improved the responsiveness of the user interface with an attack showing up within seconds of being detected. Our new user-friendly interface has a lag time of no more than 5 seconds. The post Putting Wallarm Management...

Cybersecurity: What to Expect in the Year Ahead

So, what lies ahead? Let’s turn over our virtual coffee cups and read the coffee grounds. .... report also shows that as many as 60% of all hacker attacks are using a compromised web application to gain unauthorized access or steal data. The post Cybersecurity: What to Expect in the Year Ahead...

A Match Made in the Clouds

With recent explosion of Kubernetes adoption and Wallarm’s consistent effort to deliver Kubernetes native security offerings, I feel tremendous confidence in our collective ability to stay ahead of the emerging threats in the cloud native ecosystem. The post A Match Made in the Clouds appeared...

New Wallarm Dashboard

There is an update in the Wallarm Console, which presents a brand new dashboard that can’t be missed. There are three significant changes that are worth mentioning: New structure. The dashboard has a new, clear structure emphasizing multiple modules of the Wallarm Platform — WAF, Scanner, FAST. T...

GraphQL Batching Attack

There is a new attack surface when the app tech stack includes GraphQL. It's Batched Attacks on GraphQL APIs. How can these apps be protected? Read more to find out. The post GraphQL Batching Attack appeared first on Wallarm Blog...

Why and how to disable introspection query for GraphQL APIs

Intro In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article can not encapsulate all the things one wants to know about such an interesting technology. This installment of the series will look at the first step...

Wallarm Launches Support of Envoy Proxy/ Envoy API Protection

Wallarm can protect North-South API in the applications that use Envoy as an alternative Ingress controller at the front end of a Kubernetes cluster. Wallarm can also protect edge traffic and also East-West Envoy API for Service-Mesh and Istio. The post Wallarm Launches Support of Envoy Proxy/...

Is Service Mesh right for your infrastructure?

Andrew Jenkins of Aspen Mesh identifies three deployment options with regards to how a Service Mesh delivers its services: As a sidecar that runs alongside your microservice container As a library that can be built into each of the microservices As an agent that sit in the container infrastructur...

What The Actual WAF!?

we need to kick out the solutions that are no longer functioning to give ample room for the advanced WAF solutions. Join us in this discussion. The post What The Actual WAF!? appeared first on Wallarm Blog...

Race Condition in Web Applications

Even web application APIs can be subject to race conditions. Check out where it can happen such as the cases of HTTP pipelining, splitting HTTP and others. The post Race Condition in Web Applications appeared first on Wallarm Blog...

Legacy WAF Issues

Traditional WAFs speak to bigger adoption problems for technologists, innovators, and businesses. Making a decision in today’s marketplace is like being a kid in a toy store. There are so many options that excitement quickly turns to settling on a familiar choice, so it’s no surprise that...

Securing GraphQL. Part 1

GraphQL is an alternative to the REST concept that allows working with the data in a more structured and object-oriented way. This technology is very famous and used by many enterprise companies such as Facebook, Walmart, Intuit among other. Whether you know it or not, GraphQL has a significant...

The hidden costs of security breaches

The real cost of a security breach to your business is larger than many imagine. On the surface there is incredible expensive to recovering from breaches. What is often also at risk is the inestimable damage to company morale, brand reputation, and operations. The post The hidden costs of securit...

Tips for Securing Online Payments

Understand how e-commerce transactions work, what a payment gateway is, and how to keep your online payments secure. Online businesses mean even more reliance of customer trust, which means higher security. The post Tips for Securing Online Payments appeared first on Wallarm Blog...

What is Kubernetes?

Kubernetes is becoming a common enough word, but what is it, how does it benefit your world, and how does it work? The post What is Kubernetes? appeared first on Wallarm Blog...

What DevOps trends to follow (and what to ignore)

Cut through the fluff and get to the heart of which DevOps trends are worth hitching your wagon or budget to in the coming years—and which should be marked with a hazard warning. From containers to chaos engineering, here are the DevOps trends to trash and the ones you'll want to go fanboy on." T...

4 DevOps Strategies to Boost Your Security

DevSecOps is more than a corporate buzzword. As a combined term, DevSecOps bears out the interdependence of responsibilities that lead to security transformation from a fixed set of inflexible tools into security as a process. The post 4 DevOps Strategies to Boost Your Security appeared first on...

Security 101 for eCommerce Businesses

Understand the risks to ecommerce businesses and how to secure your online business. Know the fact from compliance to dealing with hackers, at any level of business maturity. The post Security 101 for eCommerce Businesses appeared first on Wallarm Blog...

Perimeter Breaches: The attack front you’re losing

Everything is data. Defining your perimeter is nearly impossible, which makes securing it even more tricky. Old strategies are obsolete. How do we navigate and protect our boundaries in an increasingly digital world? The post Perimeter Breaches: The attack front you're losing appeared first on...

PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise

When a security researcher found an unusual PHP script while solving an hCorem Capture the Flag task, it reveal hundreds of millions of users are vulnerable to attack. Learn the deep tech. The post PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise appeared first on Wallarm Blo...

Recent discoveries reveal high-risk PHP vulnerabilities

Hundreds of millions of people using everyday platforms could be at risk. One of the most popular server-side web programming languages, Hypertext Preprocessor PHP was discovered to be at high risk for attacks. Patches for high-severity vulnerabilities have been released. Without a protective...

Wallarm connector to Apigee

If you are a business undergoing a digital transformation, like Walgreens, Nike or Bechtel, heavy reliance on APIs is a key part of that digital transformation strategy. “The growing demand for information, delivered securely at any time, in any place and on any device has changed the way we thin...

An Analog Approach to Secure Operations in Kubernetes

Security is not something you achieve. It's something you continually take care of and understand as constantly transforming. Here are our tips about your K8s cybersecurity The post An Analog Approach to Secure Operations in Kubernetes appeared first on Wallarm Blog...

An Analog Approach to Secure Operations in Kubernetes

Security is not something you achieve. It's something you continually take care of and understand as constantly transforming. Here are our tips about your K8s cybersecurity The post An Analog Approach to Secure Operations in Kubernetes appeared first on Wallarm Blog...

WAF-Based Attacks & The Future of Security

Understand WAFs and cybersecurity. Recent WAF-based breaches with CapitalOne, Imperva, and Cloudflare offer essential lessons we can learn from where WAF technology is failing us and what can we do to improve our security. The post WAF-Based Attacks & The Future of Security appeared first on...

WAF-Based Attacks & The Future of Security

Understand WAFs and cybersecurity. Recent WAF-based breaches with CapitalOne, Imperva, and Cloudflare offer essential lessons we can learn from where WAF technology is failing us and what can we do to improve our security. The post WAF-Based Attacks & The Future of Security appeared first on...

Shift to Microservices: Evolve Your Security Practices & Container Security

Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...

Shift to Microservices: Evolve Your Security Practices & Container Security

Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...

Choose the right ingress controller for your Kubernetes environment

Choosing the right ingress controller can help you ensure the right infrastructure, direction, and level of customization. Get the information about ingress controllers you need. The post Choose the right ingress controller for your Kubernetes environment appeared first on Wallarm Blog...

Choose the right ingress controller for your Kubernetes environment

Choosing the right ingress controller can help you ensure the right infrastructure, direction, and level of customization. Get the information about ingress controllers you need. The post Choose the right ingress controller for your Kubernetes environment appeared first on Wallarm Blog...

Frenemy at the Gates: The Breaching

Online businesses have to be careful. It’s a dangerous world, full of anonymous people and services wearing digital skins. It sounds horrific because it is. On the other side of a transaction, could be anyone. Extra measures have to be made to secure web interfaces and API endpoints that online...

Frenemy at the Gates: The Breaching

Online businesses have to be careful. It’s a dangerous world, full of anonymous people and services wearing digital skins. It sounds horrific because it is. On the other side of a transaction, could be anyone. Extra measures have to be made to secure web interfaces and API endpoints that online...

What The Actual WAF!?

InfoSec Family, we need to talk!! Every so often, there is a technological shift in the information security industry. Sometimes it is due to new cyberattack discovery, aka a Zero-day. Many times, the catalyst is legacy technology. When a legacy technology no longer adequately responds to the...

Wallarm connector to Apigee

If you are a business undergoing a digital transformation, like Walgreens, Nike or Bechtel, heavy reliance on APIs is a key part of that digital transformation strategy. “The growing demand for information, delivered securely at any time, in any place and on any device has changed the way we thin...

Autoscaling Wallarm Nodes in AWS, GCP, and Azure

Newly updated Wallarm Node images now natively support autoscaling capabilities in AWS, GCP, and Azure. Updated images are already available in cloud provider marketplaces and can rely on the native auto-scaling to adjust the number of nodes based on traffic, CPU load, and other parameters. What ...

Autoscaling Wallarm Nodes in AWS, GCP, and Azure

Newly updated Wallarm Node images now natively support autoscaling capabilities in AWS, GCP, and Azure. Updated images are already available in cloud provider marketplaces and can rely on the native auto-scaling to adjust the number of nodes based on traffic, CPU load, and other parameters. What ...

Defining Wallarm API-specific Rules

Case Study Using SugarCRM API As an Example A unique Wallarm AI feature is its ability to automatically detect and parse complicated API protocols and then set up security rules based on specific data or parameters deep inside the API. Once parsed, the system creates the rules-based both on where...

Defining Wallarm API-specific Rules

Automatically Detect + Parse and Set Your Own Rules A unique Wallarm AI feature is its ability to automatically detect and parse complicated API protocols and then set up security rules based on specific data or parameters deep inside the API. Once parsed, the system creates the rules-based both ...

Using Threat Modeling in Cybersecurity to Hunt and Remediate

Modern-day cyberattacks keep growing in sophistication and sheer volume. This dynamic makes it virtually impossible to detect and block all attacks using the traditional methods of comparing incoming requests to known attack signatures. To effectively operate in this new aggressive cyberthreat...

Using Threat Modeling in Cybersecurity to Hunt and Remediate

Modern-day cyberattacks keep growing in sophistication and sheer volume. This dynamic makes it virtually impossible to detect and block all attacks using the traditional methods of comparing incoming requests to known attack signatures. To effectively operate in this new aggressive cyberthreat...

Latest Bypassing Techniques Beats SOAP/XML API Protection

Latest Bypassing Techniques Beat SOAP/XML API Protection It is impossible to protect APIs unless you take a deep dive into the protocols implemented over the standard HTTP. Most security tools are not protecting data where it’s most vulnerable, inside the XML schema itself. These encoding attacks...

Latest Bypassing Techniques Beat SOAP/XML API Protection

It is impossible to protect APIs unless you take a deep dive into the protocols implemented over the standard HTTP. Most security tools are not protecting data where it’s most vulnerable, inside the XML schema itself. These encoding attacks are going unflagged by many application platforms, despi...

Is your org structure threatening your IT security infrastructure?

5 Tips to Solve API Security Issues in Any IT Security Infrastructure Start listening. Integrating isn’t enough if your teams aren’t talking. In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It’s a dangerous...

Is your org structure threatening your IT security infrastructure?

In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It’s a dangerous devil’s bargain. Security gets left on the cutting room floor in pursuit of highly responsive, first-to-market, code-to-customer feature flow...

What stealthy attacks are hiding in API data — and why do most WAF miss them?!

What stealthy attacks are hiding in API data — and why do most WAF miss them?! API Data: What is it and how is it saying it? APIs are the blood flow of today’s applications — from online browser-based apps to mobile apps to sophisticated distributed enterprise applications connecting dozens of...

What stealthy attacks are hiding in API data — and why do most WAF miss them?!

Is JSON really more secure than other data encoding formats? JSON is a serialization format that allows users to 1 send objects as strings and then 2 it sends applications to recover objects from those strings. So, the short answer is that the JSON format as dangerous as other serialization...

MTGOX: Crypto Failure is in the Name.

Mt. Gox Bitcoin Heist: Takeaways from a $3.3B Crypto Exchange Breach It was all fun and games, until someone lost 850,000 BTC from a Tokyo-based exchange, MTGOX, in 2014. Understanding how cryptocurrency exchanges evolved into hacker fantasy islands is all in the name. MTGOX, a company remembered...

MTGOX: Crypto Failure is in the Name.

Understanding how cryptocurrency exchanges evolved into hacker fantasy islands is all in the name. MTGOX, a company remembered for the largest crypto breach in history, is an acronym for Magic The Gathering Online Exchange MTGOX. The absurd rise and fall of MTGOX is critical to understanding the...