Category

WAF


Industries from hospitality to taxis/transportation and food delivery are being disrupted by new-age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give them? Unlike legacy competitors, innovators with new infrastructure can: quickly scale and grow their customer base; support their business in different geographies and ensure availability; ensure convenience, with users…

The main thing that prevents enabling security solutions like WAF/RASP/IDS/IPS in blocking mode is false positives. The second is probably their inline performance and additional latency, but false positives come first. As a cloud-native WAF vendor, we at Wallarm actively check our products for false positives to continuously deliver better detection quality for our customers. One of the ways to address false positives is to detect them early, before a real customer is blocked.…

Updated 6 July 2022: Wallarm launched GoTestWAF: Free Online WAF tester (https://www.wallarm.com/gotestwaf/overview). Updated 18 January 2023: added gRPC protocol detection and other features; more details in the article. Since 1991, the Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few technologies,…

Security products have their own security issues, which can affect the products they were designed to secure. It's not a recursive loop, but the reality. WAFs are no exception. You may remember the Cloudflare self-DoS that happened last year (https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/) because of an issue in a RegExp signature they applied. Or Imperva's data breach that disclosed API keys of their clients (https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/). The latest thing with ModSecurity (https://www.secjuice.com/modsecurity-vulnerability-cve-2019-19886/) is another example of how it's…

There is an update in the Wallarm Console, which presents a brand new dashboard that can’t be missed. There are three significant changes that are worth mentioning: New structure. The dashboard has a new, clear structure emphasizing multiple modules of the Wallarm Platform — WAF, Scanner, FAST. The WAF section includes data on the normal traffic against malicious hits. The Scanner section gives a quick overview of the security issues identified by the scanner modules. The…