An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new Wallarm Cloud WAF deployment for Wallarm Cloud-Native Security Platform. Get your application protection up and running in 15 minutes, without any installation at all. You can now gain protection across a full portfolio of your applications, APIs, and serverless workloads without any agent installation at all. Typically Wallarm customers install Wallarm nodes as Kubernetes Ingress…
This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docker container: docker run -p7001:7001 –name weblogic –rm vulhub/weblogic:12.2.1.3 Again, we need to have management rights & access to the administrator console (/console web endpoint) to cause remote code execution in Oracle WebLogic. In…
A lot of information about detected malicious requests is already available in the Wallarm console UI. However, the search functionality of the Wallarm UI does not provide full visibility into every type of potential attack or full details of a particular alert. If this level of visibility is desired, a script can use the Wallarm API to extract this data and send it to one of a number of different targets. This article provides…
JSON Web Token (JWT) is the data format with bill-in signature and encryption mechanisms that are often used by modern web applications to store user sessions and application context, including authentication by SSO and meta-data. Usually, you can find JWT tokens in an Authentication Bearer HTTP headers for authenticated API calls. As Wikipedia says: “The tokens are signed either using a private secret or a public/private key. For example, a server could generate a token…
In this series’ previous article, we added the AI-powered Wallarm WAF to our Helm chart bundled application as a sidecar container. As you can see, 10 minutes is the time we need to stop worrying about rules, lists, and attacks, and start focusing on performance, optimization, and deployment. As you probably know, if you’re developing applications in a container environment orchestrated by Kubernetes, Helm is a robust solution to bundle your application, mainly because it…
Every application has its own specific goals, critical aspects, and needs. So, the logical conclusion would be that every app needs an in-depth manual configuration, right? Well, here at Wallarm, we’re security experts and developers from the real world, and we know that in many cases time, learning curve, and maintainability are crucial factors. That’s why we continuously try to make things as easy and straightforward they can be, and that’s why you can include…
Subscribe for the latest news
Subscribe