An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new Wallarm Cloud WAF deployment for Wallarm Cloud-Native Security Platform. Get your application protection up and running in 15 minutes, without any installation at all. You can now gain protection across a full portfolio of your applications, APIs, and serverless workloads without any agent installation at all. Typically Wallarm customers install Wallarm nodes as Kubernetes Ingress…
In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly. Using this data, it’s possible to check if you or your developers forgot to change default secrets or used a weak 3rd party library with it. However, the project was not stalled and nowadays we are happy to announce a huge update, which includes more than 1800 new JWT secrets grabbed from public sources like…
Wallarm’s Kubernetes Ingress controller is designed to help protect your Kubernetes cluster against cyberattacks. Its built-in web application firewall (WAF) is capable of detecting and blocking a wide range of common attacks against Kubernetes deployments. The previous article in this series discussed how to set up Wallarm’s Ingress controller to protect your Kubernetes cluster. However, there are a few configuration settings that you may need to modify in order to ensure optimal protection and performance…
Last month, Wallarm Cybersecurity Strategist Kavya Pearlman interviewed cyberwar fare expert Chris Kubecka via a webinar session that was well attended and very timely discussion. If you missed the webinar, worry not! Here is a quick recap of the discussion around “Application Security in the age of Cyberwar”. These days we must be prepared to fight off not just hackers in search of simple financial gain, but malicious actors funded by hostile states. Asymmetry is…
In addition to the same risks that web applications are exposed to, APIs are faced with a number of unique security risks and vulnerabilities. This blogs provides an overview of the new OWASP API Top 10 risk project.
Security products have their own security issues, which can affect products that they were designed to secure. It’s not a recursive loop, but the reality. WAFs there are not an exclusion. You can remember CloudFlare self-DoS that happened last year (https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/) because of an issue in RegExp signature they applied. Or Imperva’s data breach that disclosures API keys of their clients https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/ The latest thing with ModSecurity (https://www.secjuice.com/modsecurity-vulnerability-cve-2019-19886/) is another one example of how it’s…
Subscribe for the latest news
Subscribe