Category

API Security

Introduction: In today’s digital landscape, ensuring the security and performance of web applications is paramount. To achieve optimal protection against cyber threats, organizations deploy web application and API protection (WAAP) solutions like Wallarm. However, to truly leverage the benefits of Wallarm, deploying filtering nodes closest to the client using Amazon’s global infrastructure, including EC2 instances, Route 53, CloudFront, and Lambda functions, can significantly enhance performance. In this blog post, we’ll explore the performance advantages of this…

In recent years there’s been a rise in “API Abuse” attacks, which include detrimental automated behaviors such as malicious bots, account takeover (ATO), credential stuffing, application layer (L7) DDoS, data scraping, and more. For instance, in April 2021 malicious actors scraped the personal data of over 533 million Facebook users, including phone numbers, email addresses, locations and much more, by exploiting a vulnerability in Facebook’s API. The attackers then made the data available for sale on…

This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious API clients to bypass JWT authentication through crafty manipulation of the X-HTTP-Method-Override header under specific circumstances. The importance of this issue is highlighted by the significant market share commanded by the Google Cloud Platform (GCP), reported at 11% of the global cloud market…

The MOVEit Vulnerabilities and Latest Exploits. Impact On Governmental Agencies And Large Organizations. Governmental agencies and large organizations around the world are being hit by ransomware attacks exploiting several vulnerabilities in MOVEit, a widely used file transfer solution. The situation is highly dynamic, with a 3rd zero-day vulnerability disclosed as this is being written (06/15 PM). The purpose of this post is to provide you with the latest on the MOVEit situation. If you use…

Welcome to our May API newsletter, recapping some of the events of last month. As the old proverb goes, April showers bring May flowers – and this means the bees at the Wallarm hive have been in full foraging mode and the honey is flowing: lots of updates & improvements to the platform, and much more. After all, as the old nursery rhyme says: A swarm of bees in May is worth a load of…

In the digital landscape of 2023, Application Programming Interfaces (APIs) have taken center stage in business operations. APIs act as the backbone of many digital services, enabling software applications to communicate and exchange data with each other. As businesses increasingly rely on APIs for integral operations, ensuring their security becomes a crucial task. This article explores the importance of API security and provides a guide to implementing a holistic API security strategy. The Importance of…