Tag

Application Security Testing

Browsing

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has long offered the ability to generate OpenAPI Specifications (aka Swagger) based on actual traffic across your endpoints. This allows you to: Enumerate all your managed and unmanaged APIs…

Welcome to another inside story straight from the Wallarm labs. Today we’re taking you behind the scenes of our self-testing journey, showcasing how we “drink our own champagne” by implementing our Framework for Application Security Testing (FAST) to strengthen the security of our APIs. The intent is to illustrate how our API security journey not only solidifies our product, but also reinforces our core value: creating the most secure environment possible for our users. The…

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information (FUZZ) into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or semi-computerized procedures and investigating the framework for different exemptions, for example, framework crashes or implicit code disappointment. Brief History Fuzz testing was created at the University of Wisconsin Madison in 1989 by Professor Barton…

An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new Wallarm Cloud WAF deployment for Wallarm Cloud-Native Security Platform. Get your application protection up and running in 15 minutes, without any installation at all. You can now gain protection across a full portfolio of your applications, APIs, and serverless workloads without any agent installation at all. Typically Wallarm customers install Wallarm nodes as Kubernetes Ingress…

This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docker container: docker run -p7001:7001 –name weblogic –rm vulhub/weblogic:12.2.1.3 Again, we need to have management rights & access to the administrator console (/console web endpoint) to cause remote code execution in Oracle WebLogic. In…

Every application has its own specific goals, critical aspects, and needs. So, the logical conclusion would be that every app needs an in-depth manual configuration, right? Well, here at Wallarm, we’re security experts and developers from the real world, and we know that in many cases time, learning curve, and maintainability are crucial factors. That’s why we continuously try to make things as easy and straightforward they can be, and that’s why you can include…