Tag: Application Security Testing

Since 1991, the Web Application Firewall, commonly referred to as a WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, a few technologies, such as NG-WAF, RASP, WAAP, and a few others, have internal WAF capabilities, which protect against web application and API threats. The majority of fintech, health tech, and e-commerce companies have…

I recently hosted and moderated a distinguished panel of Chief Information Security Officers (CISOs) – Nitin Raina, CISO at ThoughtWorks, Mike Wilkes, former CISO at Marvel, and Yogesh Badwe, CSO at Druva. We discussed major trends for 2024 across an array of topics including the evolving threat landscape, recent regulations, data privacy considerations, and securing product and critical infrastructure. We also discussed strategy, leadership, resilience, scapegoating CISOs, artificial intelligence (AI) and much more. Trend #1: CISO Fallout…

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has long offered the ability to generate OpenAPI Specifications (aka Swagger) based on actual traffic across your endpoints. This allows you to: Enumerate all your managed and unmanaged APIs…

Welcome to another inside story straight from the Wallarm labs. Today we’re taking you behind the scenes of our self-testing journey, showcasing how we “drink our own champagne” by implementing our Framework for Application Security Testing (FAST) to strengthen the security of our APIs. The intent is to illustrate how our API security journey not only solidifies our product, but also reinforces our core value: creating the most secure environment possible for our users. The…

Fuzz testing, commonly known as fuzzing, is a software testing technique that involves injecting malformed or random data (FUZZ) into a software system to identify coding errors and security issues. Fuzz testing involves feeding data into a system using automated or semi-automated techniques and monitoring the system for various exceptions, for example, system crashes or built-in code failures. Brief History: Fuzz testing was created at the University of Wisconsin Madison in 1989 by Professor Barton…

An easy-to-use Cloud WAF and API protection package. We are thrilled to announce the launch of the new Wallarm Cloud WAF deployment for Wallarm Cloud-Native Security Platform. Get your application protection up and running in 15 minutes, without any installation at all. You can now gain protection across a full portfolio of your applications, APIs, and serverless workloads without any agent installation at all. Typically Wallarm customers install Wallarm nodes as Kubernetes Ingress…