Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities
Wallarm Blog
by wlrmblog
2d ago
Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native environments using API schema validation. By relying on a positive security model, our API Firewall only allows calls that match a predefined API specification while rejecting everything else. At the event, our in-house expert Nikolay Tkachenko (Research Engineer @ Wallarm) showcased the latest developmen ..read more
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics
Wallarm Blog
by wlrmblog
1w ago
A severe command injection vulnerability in the GlobalProtect Gateway feature of PAN-OS versions 10.2, 11.0, and 11.1 underscores the critical importance of API security in devices at the frontline of network connections. This vulnerability, identified as CVE-2024-3400, allows unauthorized users to execute commands as the system administrator, significantly threatening the security of critical infrastructure. The issue, rated with the maximum severity score of 10 out of 10, was discovered during routine operations and specifically affects systems with both GlobalProtect gateway and device tele ..read more
Top 3 API Leaks Identified by Cybersecurity & InfoSec Experts
Wallarm Blog
by wlrmblog
2w ago
APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that stand out are SOAP (Simple Object Access Protocol) and Representational State Transfer (REST) APIs. Due to their inherent complexity and the dynamic nature of software ecosystems, common vulnerabilities include inadequate authentication mechanisms and injection attacks such as SQL injection or cross-site scripting (XSS). At Wallarm, we've been addressing API leaks for years, gaining deep insights into their c ..read more
Spoutible Enhances Platform Security through Partnership with Wallarm
Wallarm Blog
by Jaweed Metz
1M ago
Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step forward in its mission to ensure user safety, security and data integrity. Recognizing the critical importance of robust API security in today’s digital age, Spoutible is excited to announce a strategic partnership with Wallarm, a leader in API and Application security. "Wallarm is already integrated at Spoutible, enhancing API security while reinforcing the company’s overall security posture." Christopher Bouzy, CEO Spoutib ..read more
Top 6 Data Breaches That Cost Millions
Wallarm Blog
by wlrmblog
1M ago
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital landscape has evolved into a behemoth of sorts as the number of online attacks targeting individuals, businesses, and governments has risen steadily. And it’s not just money and cryptocurrencies they’re after. Customer or user data has evolved into a powerful tool for businesses to make crucial decisio ..read more
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
Wallarm Blog
by wlrmblog
1M ago
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an interconnected network where cyber criminals access critical customer information from one site and then go on to launch account takeover (ATO) attacks on different sites by stuffing information into login fields and password retrieval forms. Account takeover and fraud can directly result from success ..read more
Top 5 Data Breaches That Cost Millions
Wallarm Blog
by wlrmblog
1M ago
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital landscape has evolved into a behemoth of sorts as the number of online attacks targeting individuals, businesses, and governments has risen steadily. And it’s not just money and cryptocurrencies they’re after. Customer or user data has evolved into a powerful tool for businesses to make crucial decisio ..read more
Test and evaluate your WAF before hackers
Wallarm Blog
by Ivanwallarm
1M ago
Since 1991, the Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few technologies, such as NG-WAF, RASP, WAAP, and a few others, have internal WAF capabilities, which prevent web application and API threats. The majority of fintech, health tech, and e-commerce companies have had WAFs installed for years to protect their APIs, but also due to PCI DSS, SOC2, and HIPAA complianc ..read more
Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens
Wallarm Blog
by Jaweed Metz
1M ago
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to provide dynamic data storage capabilities and overall computing capabilities for more accurate and actionable insights. Whether it’s to ingest data across your Snowflake Snowpipe or share data with dozens of microservices within your organization, reliance on APIs has skyrocketed in the last decade. Companies with 10,000 ..read more
Improving Security with Wallarm’s NIST CSF 2.0 Dashboard
Wallarm Blog
by Jaweed Metz
2M ago
Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive security measures to protect their digital assets. The NIST Cybersecurity Framework (CSF) 2.0 stands at the forefront of these efforts, offering a structured approach to managing cybersecurity risks. Business Context and the Importance of NIST CSF The business landscape is fraught with cybersecurity challenges that demand a proactive and informed response. To this end, the NIST CSF offers an essential roadmap f ..read more