A lot of information about detected malicious requests is already available in the Wallarm console UI. However, the search functionality of the Wallarm UI does not provide full visibility into every type of potential attack or full details of a particular alert. If this level of visibility is desired, a script can use the Wallarm API to extract this data and send it to one of a number of different targets. This article provides an…
JSON Web Token (JWT) is the data format with bill-in signature and encryption mechanisms that are often used by modern web applications to store user sessions and application context, including authentication by SSO and meta-data. Usually, you can find JWT tokens in an Authentication Bearer HTTP headers for authenticated API calls. As Wikipedia says: “The tokens are signed either using a private secret or a public/private key. For example, a server could generate a token…
Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL ones can create challenges for security. Legacy web application…
Wallarm has always stood out from its competitors when it comes to supporting modern stacks. For a long time Wallarm has been the only product to provide comprehensive protection for WebSockets-based web applications. Once again, Wallarm is glad to be the pioneer and add support for the gRPC protocol. The newly added WAF for gPRC feature is available to all the customers that use the latest 2.14 version of Wallarm Node. Adoption of gPRC Many…
Last month, Wallarm Cybersecurity Strategist Kavya Pearlman interviewed cyberwar fare expert Chris Kubecka via a webinar session that was well attended and very timely discussion. If you missed the webinar, worry not! Here is a quick recap of the discussion around “Application Security in the age of Cyberwar”. These days we must be prepared to fight off not just hackers in search of simple financial gain, but malicious actors funded by hostile states. Asymmetry is…
In addition to the same risks that web applications are exposed to, APIs are faced with a number of unique security risks and vulnerabilities. This blogs provides an overview of the new OWASP API Top 10 risk project.
