What can we learn from the recent AWS outage, and how can we apply those lessons to our own infrastructure? What Happened? On October 20, 2025, AWS experienced a major disruption that rippled across the internet (and social media), affecting widely used services such as Zoom, Microsoft Teams, Slack, and Atlassian. The issue originated not in a single data center or customer workload, but in the AWS control plane, the management layer that coordinates how…
API security has never been more important because modern APIs are operational necessities. Unfortunately, many organizations are failing to adapt their security models to a rapidly changing API threat landscape. Like it or not, we live in an AI-first world, and API security must reflect that reality. The Postman 2025 State of API Report is confirmation of that fact. AI is Becoming Business Critical AI already plays a significant role in modern business functions. A…
Authentication issues seem like low-level attacks. But authentication today – especially API authentication – can be more difficult than people expect. Companies rely on APIs to carry sensitive information every day. If access to those APIs is not properly secured, all the sophisticated security solutions companies use to protect their data elsewhere are completely undermined. A single API authentication slip could expose sensitive information just as well as a major security oversight—with the same devastating…
2025 has been one of Wallarm’s biggest years yet. In the last few months alone, we unveiled our industry-first API Revenue Protection capability, launched our next-gen Security Edge offering, were included in the 2025 Inc. 5000 list of fastest-growing private companies in America, and announced our $55M Series C funding round. This October, we’re proud to see our dedication and our customers’ confidence recognized. Cybersecurity Breakthrough has named us the API Security Platform of the…
Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs too much, keeps resurfacing in new forms. As organizations have shifted to API-driven architectures and integrated AI systems that consume unstructured input, the attack surface has expanded dramatically. As a result, injection is no longer just a server-side SQL issue: it now encompasses NoSQL, GraphQL, cross-site scripting (XSS), AI prompts,…
For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re starting with Broken Object Level Authorization (BOLA). BOLA vulnerabilities top the OWASP API Top Ten. And for good reason: they’re startlingly prevalent, remarkably easy to exploit, and can have devastating consequences. So, let’s explore what they are, why they matter, and how you can mitigate them. What is a BOLA…