Wallarm — Advanced API Security

In API Security

Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?

March 2, 2026 3 Mins Read

Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in the API Top 10, “reflecting chronic difficulty in managing roles and permissions at scale.” Obviously, security and development teams know…

In API Security

From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses

February 13, 2026 4 Mins Read

The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner…

In API Security

Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report

February 17, 2026 4 Mins Read

API security has been a growing concern for years. However, while it was always seen as important, it often came…

In API Security

CISO Spotlight: Craig Riddell on Curiosity, Translation, and Why API Security is the New Business Imperative

February 11, 2026 4 Mins Read

It’s an unusually cold winter morning in Houston, and Craig Riddell is settling into his new role as Wallarm’s Global…

In API Security

The Myth of “Known APIs”: Why Inventory-First Security Models Are Already Obsolete

February 5, 2026 4 Mins Read

You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you…

In API Security

Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead

January 29, 2026 4 Mins Read

APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often…

In API Security

7 Reasons to Get Certified in API Security

January 12, 2026 3 Mins Read

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to…

In API Security

From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security

December 22, 2025 4 Mins Read

Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe…

In API Security

CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate

December 19, 2025 4 Mins Read

Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the…

In API Security

2026 API and AI Security Predictions: What Experts Expect in the Year Ahead

December 11, 2025 3 Mins Read

This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances…

In API Security

Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)

December 8, 2025 5 Mins Read

The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged…