|
By Wallarm
In the fast-paced digital world, think of Application Programming Interfaces (APIs) as the threads that stitch together the fabric of our tech ecosystems. They're often overlooked, quietly ensuring that your apps communicate seamlessly and keep the digital world running smoothly. The majority of organizations grapple with a common challenge — limited visibility into their public API attack surfaces.
|
By Wallarm
If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend, come by our booth or feel free to schedule a slot to meet with our API and App Security experts.
|
By Wallarm
On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.
|
By Wallarm
In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these vulnerabilities, their implications, and the necessary mitigation steps to protect your digital assets.
|
By Wallarm
The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report emphasizes the urgent need for immediate, strategic actions from business leaders and cybersecurity practitioners alike to combat the sophisticated emerging threats.
|
By Wallarm
The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has long offered the ability to generate OpenAPI Specifications (aka Swagger) based on actual traffic across your endpoints.
|
By Wallarm
In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber adversaries searching for vulnerabilities to exploit.
|
By Wallarm
Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude this series, it's time to summarize and offer some practical guidance for security practitioners looking to bolster API security in their organizations.
|
By Wallarm
Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here. This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).
|
By Wallarm
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.
|
By Wallarm
Orphan APIs can lead to a host of unnecessary issues such as misallocated resources, maintenance issues, wasted development and testing time, and issues with maintainability, scalability, security and usability. Watch this quick demo to learn how Wallarm API Discovery helps you identify and manage any Orphan APIs in your portfolio.
|
By Wallarm
API Abuse can be harder to prevent than web application attacks. This quick demo of the Wallarm API Abuse Prevention solution shows how our unique, integrated approach to addressing malicious automated behavior puts you back in control.
|
By Wallarm
In today's rapidly evolving digital landscape, securing APIs against emerging threats is crucial. Wallarm offers essential solutions for safeguarding both new and legacy APIs and web applications. Tim Ebbers, Field CTO, and Stepan Ilyin, Co-Founder, present this insightful product democast of the Wallarm platform, highlighting key components and recent enhancements.
|
By Wallarm
Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability.
|
By Wallarm
The OWASP API Security Project team recently posted the Top-10 API risks Release Candidate (RC) for 2023. Last updated in 2019, this new version is designed to help organizations understand the top threats against APIs and how to secure them. In this webinar, we will dig into the OWASP API Security Top-10 2023RC and discuss: We will share some of our data-driven insights, derived from our quarterly API ThreatStats(tm) Reports, and show how you can protect your APIs in real-time from the most impactful API threats.
|
By Wallarm
The OWASP API Security Top-10 risks Release Candidate (RC) is now out for comment. This new version is designed to update your understanding of the top threats against APIs and how to secure them. In this deep-dive webinar, we will dig into each of the OWASP API Security Top-10 2023 RC risks and discuss: The focus of this 2nd webinar in the series will be on what practitioners – builders, breakers, defenders, and DevSecOps – need to know to better protect their APIs.
|
By Wallarm
Learn about our CVE Exposure capabilities, which provides in-depth insight into vulnerabilities and attacks against your APIs, and how to remediate these issues.
|
By Wallarm
Learn how to detect, remediate and control leaked API secrets like API keys, credentials, tokens and more which could lead to a breach of our APIs.
|
By Wallarm
Take a quick tour of our End-to-End API Security dashboard. Discover all the APIs in your portfolio, the associated risks from OWASP Top-10 threats like Injections and BOLA, and sensitive data flows. Prevent API Abuse from Bots and DoS attacks. Find and block leaked API secrets like API keys, credentials, tokens and more. Set triggers and integrate into your existing workflow.
|
By Wallarm
Learn how to discover all the APIs in your portfolio, based on actual traffic instead relying on schemas, including internal and external-facing endpoints, so you can protect them against OWASP Top-10 threats like Injections and BOLA, ensure sensitive data are protected against unintentional or malicious disclosure, and much more.
|
By Wallarm
Attack detection is critical for most security solutions, whether we are talking about a load balancer-based (NIDS, WAF), host-based or in-application solutions (HIDS, RASP). Interestingly, regardless of the differences in architecture and data flow, most solutions use similar detection principles and techniques. We will explore how the detection architecture evolved over time and how the new generation of detection logic, such as the architecture implemented by Wallarm, is principally different from that of the legacy solutions.
|
By Wallarm
The main task of the run-time application security is to protect modern applications and APIs. In this endeavor the solutions face a number of challenges: Download this whitepaper to learn how Wallarm solves the difficult task of effective application security by relying on AI and machine learning including a unique combination of hierarchical clusterization, statistical n-gram based models, recurrent neural networks and reinforcement learning.
|
By Wallarm
In this comprehensive Q2-2023 report, we reflect on an intensified API threat landscape, underlining prevalent threat vectors, susceptible APIs, and new dimensions in the API security arena. With the inclusion of bug bounty analysis and our inaugural API Security Awards, this report provides granular insights into the current state of API security.
|
By Wallarm
The following guidelines will help senior stakeholders set strategy to secure modern applications, learning: Applications are the operational mechanism for how a modern enterprise conducts transactions and uses data. Whether internal or customer-facing, apps are critical for your successful business operations. That means securing apps should be a business priority.
|
By Wallarm
This 2022 recap report looks back at the deteriorating API threat landscape, the most prevalent types of threat vectors, the most vulnerable types of APIs, and much more to provide API security and DevOps teams the data-driven insights needed to improve API security in 2023. One of the main take-aways is that the API threat landscape is becoming ever more dangerous. We make this assessment based on the 2022 data, and specifically these four trends.
- December 2023 (1)
- November 2023 (5)
- October 2023 (3)
- September 2023 (11)
- August 2023 (8)
- June 2023 (2)
- May 2023 (1)
- April 2023 (2)
- March 2023 (5)
- February 2023 (1)
- January 2023 (2)
Security and DevOps teams choose Wallarm to discover all cloud-native APIs and legacy web applications running in their environment, and to detect & respond to threats against them.
Whether you need to protect your brand-new cloud-native APIs or your legacy web apps, Wallarm API Security platform delivers all the capabilities to secure your business against emerging threats.
Comprehensive Protection for APIs and Web Applications:
- Coverage: Protect all your internal and public-facing APIs & web applications regardless of protocol across your entire infrastructure to ensure comprehensive protection.
- Detection: Identify, consolidate and prioritize advanced risks – including OWASP Top-10 risks, API-specific threats, and API abuse – to improve security team effectiveness and reduce workload.
- Response: Assess and remediate any weaknesses which expose you to attack and automatically add new against any further breaches.
Protect Apps in a Cloud-Native Era.