Category

DevOps

Category

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working in a monitoring mode, consider creating a virtual patch Log4Shell A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact…

JSON Web Token (JWT) is the data format with bill-in signature and encryption mechanisms that are often used by modern web applications to store user sessions and application context, including authentication by SSO and meta-data. Usually, you can find JWT tokens in an Authentication Bearer HTTP headers for authenticated API calls. As Wikipedia says: “The tokens are signed either using a private secret or a public/private key. For example, a server could generate a…

The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of attacks. However, an organization may wish to achieve a greater degree of visibility into attack traffic and alerts than is possible via the Wallarm user interface. The Wallarm Nginx-based WAF nodes provide protection against a wide variety of threats to an organization’s systems.  However, it is not possible to perform a full-text search of alert…

In this series’ previous article, we added the AI-powered Wallarm WAF to our Helm chart bundled application as a sidecar container.  As you can see, 10 minutes is the time we need to stop worrying about rules, lists, and attacks, and start focusing on performance, optimization, and deployment. As you probably know, if you’re developing applications in a container environment orchestrated by Kubernetes, Helm is a robust solution to bundle your application, mainly because it…

Every application has its own specific goals, critical aspects, and needs. So, the logical conclusion would be that every app needs an in-depth manual configuration, right? Well, here at Wallarm, we’re security experts and developers from the real world, and we know that in many cases time, learning curve, and maintainability are crucial factors. That’s why we continuously try to make things as easy and straightforward they can be, and that’s why you can include…