Category

API Security

The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it just a lull in the storm? As it turns out, it’s neither. Read on to learn more about Wallarm’s analysis of API vulnerabilities in Q3-2022—and be sure to attend our upcoming webinar on Thursday, November 10 at 11 AM PT where we’ll…

The most recent Azure CLI Code Injection vulnerability is a rare and dangerous case. It’s not often that the most popular cloud platform client is vulnerable to an issue as critical as code injection. Despite the high overall risk that the OWASP Top 10 and OWASP API Security Top 10 assign to injections, code injections are not common in cloud infrastructure and providers, and usually hit third-party applications and APIs. The case of CVE-2022-39327 is a unique one.…

This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very same time. API World 2022: Wallarm will be at API World in San Jose starting today. Stop by booth #209 to chat with our #apisecurity experts about everything APIs, and check out a demo of Wallarm WAAP (Web Application and API Protection) and Wallarm Advanced API Security products. Also, Ivan Novikov, CEO of Wallarm, will…

The API security scenarios we witness today were not always like this. API security has gone to great lengths to become as responsive and productive as it is now. How was it in the beginning? What changes has it faced? What more can we expect in the future? If these questions bother you, have a look at this post, which explains the evolution of API security through the years. …

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks similar to Log4Shell, and it seems even more dangerous since Commons Text is used more broadly. The Apache Foundation disclosed a vulnerability in the Apache Commons Text project code and published a message to this effect in the project’s mailing list on October 13th, the official date of birth of the Text4Shell vulnerability. This…

WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According to a report by Wallarm, many such vulnerabilities have critical severity, and 33% are immediately exploited. But companies still heavily rely on WAFs, so many services turn out to be highly insecure and prone to data breaches. Consider this: an average data breach…