Categories: Web Application Security

SQLmap scanner can now fingerprint Wallarm WAF

Ah-ha, we like this much. sqlmap, which is an incredibly popular tool that automates the process of detecting and exploiting SQL injection flaws, is now able to identify applications and API protected by Wallarm.

When WAF is detected, sqlmap even proposes to activate tamper scripts and try to bypass security checks. But as Wallarm doesn’t use regular expressions for attack detection and more relies on statistical profiles, it won’t help, sorry 🙂

Thanks @stamparm. Appreciate this much!

Next Critical LinkedIn vulnerability proactively resolved by Wallarm (XXE in application server) »

Previous « NGINX survey: Overall, 57% of organizations use a WAF

Tags: Active ScannerApplication Security Bypass

10 years ago

CISO Spotlight: Dimitris Georgiou on Building Security that Serves People First

Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he…

1 week ago

API Security

The CISO’s Dilemma: How To Scale AI Securely

Your board wants AI. Your developers are building with it. Your budget committee is asking…

4 weeks ago

API Security

Agent-to-Agent Attacks Are Coming: What API Security Teaches Us About Securing AI Systems

AI systems are no longer just isolated models responding to human prompts. In modern production…

4 weeks ago

API Security

Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?

Broken authorization is one of the most widely known API vulnerabilities. It features in the…

1 month ago

API Security

From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses

The shadow technology problem is getting worse. Over the past few years, organizations have scaled…

2 months ago

API Security

Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report

API security has been a growing concern for years. However, while it was always seen…