Category

API Security

Since the beginning of 2022, the Wallarm security research team has been analyzing API vulnerabilities and exploits, and releasing quarterly reports. The Q1 report got a lot of attention and positive feedback from the cybersecurity community, as well as a few valuable ideas and suggestions. We included many of these in the Q2 API Vulnerabilities and Exploits report, which will be discussed in our upcoming webinar on August 8th. Register now to reserve your seat!…

The Wallarm API Security solution is now available in AWS as an official Terraform module, with a full feature set including autoscaling groups, API Gateway connector, mirroring, and agentless (out-of-band) deployments. To address modern cloud-native threats, API security vendor Wallarm released extended support for AWS deployment options. The latest release is available in the official registry and requires Terraform version 1.0.5 or higher. Wallarm is now available in AWS as agentless (VPC out-of-band), inline proxy, and…

Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid pace. Since commercial API security solutions can be expensive for some organizations (especially 1-person or micro shops), it’s never a bad idea to look at open-source alternatives. The open-source API Firewall is the pioneer in this space with more than 1 billion docker pulls since…

Ivan Novikov, CEO at Wallarm, is an API security expert, bug hunter, security researcher, and Black Hat speaker with 24 years of experience in the cybersecurity field. He spent decades in this industry and witnessed exploits as well as growth. Read ahead to understand Ivan’s API security journey and how he sees the current progress of this field as a whole. You will learn how API exploits are still a threat to those…

For tech innovators and security experts, what the OWASP Top 10 says or predicts deserves close attention, as this globally recognized document is a guide to hidden and damaging security threats. Now that 2022 has begun, people willing to learn about the latest security trends and worrisome threats should focus on the API security OWASP Top 10 2022. We have done the hard work for this. Read this article and figure out which cyber threats, as…

Background: On June 20, 2022, Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022. Wallarm SOC team already uses its exploitation in the wild. Vulnerability: This vulnerability affects Spring Data MongoDB applications using repository query methods that are annotated with @Query or @Aggregation and use parameterized SpEL statements. A…