Category

API Security

This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very same time. API World 2022: Wallarm will be at API World in San Jose starting today. Stop by booth #209 to chat with our #apisecurity experts about everything APIs, and check out a demo of Wallarm WAAP (Web Application and API Protection) and Wallarm Advanced API Security products. Also, Ivan Novikov, CEO of Wallarm, will…

The API security scenarios we witness today did not always look like this. API security has come a long way to become as responsive and productive as it is now. How was it in the beginning? What changes has it faced? What more can we expect in the future? If these questions are on your mind, have a look at this post, which explains the evolution of API security through the years. …

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue resembles Log4Shell, and it seems even more dangerous since Commons Text is used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project code and posted a message to this effect on the project’s mailing list on October 13th, the official date of birth of the Text4Shell vulnerability. This…

WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According to a report by Wallarm, many such vulnerabilities have critical severity, and 33% are immediately exploited. But companies still heavily rely on WAFs, so many services turn out to be highly insecure and prone to data breaches. Consider this: an average data breach…

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others. Most likely, Uber understood what had happened after a message was posted to their corporate Slack by the hacker (source: https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell). The community became aware of this incident from a public message posted by a hacker on…

As threats to networks and systems have changed, so have CISOs’ priorities. API security has grown more important with everything as a service and in the cloud. Today’s CISOs must ensure they have a plan for protecting APIs. To learn what’s most crucial when protecting APIs, we surveyed CISOs and other security specialists. Below, find the insights we derived from the responses. Results of the survey: According to Gartner research, APIs need improved security and…