SQL Injection Archives

In Product updates

Libdetection: Introducing New Generation of Attacks Detection

October 19, 2020 3 Mins Read

In the latest version of Wallarm Node, we integrated a new attack detection engine that will work with a combination of current detects. Libdetection is a unique open-source project (https://github.com/wallarm/libdetection), that provides a signature-free payloads detection by implementing a syntax analysis and the base theory of grammars. Libdetection uses a formal model for attack detection, which allows it to make a decision based on the type of attack. This approach allows us to implement the…

In API Security

Securing GraphQL API

May 18, 2020 7 Mins Read

Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL ones can create challenges for security. Legacy web application…

In API Security

OWASP API Top 10 Projects: Highlights and Overview

February 28, 2020 13 Mins Read

In addition to the same risks that web applications are exposed to, APIs are faced with a number of unique security risks and vulnerabilities. This blogs provides an overview of the new OWASP API Top 10 risk project.

In OWASP

Tools to address OWASP Top 10 Risks

October 5, 2018 3 Mins Read

In a recent article published by Security Boulevard, we talked about OWASP Top 10 Risk classification and overlap. In this post, we will examine tools that allegedly help address these risks. You may be at more risk than you’ve been lead to believe. The following is an OWASP Risk Overlap diagram (based on the Security Boulevard article) will be used to illustrate different threat intelligence and detection mechanisms. The following color-coded visual aids help understand…

In Web Application Security

Understanding Your Monthly Security Reports

April 20, 2017 3 Mins Read

Understanding Your Monthly Security Reports When we first starting a conversation with our prospects, we are frequently asked, “Just how will I know that Wallarm is working?” To help answer that, let’s take a look at the report we sent to one of our customers last week to understand what kind of threats Wallarm defends agains. Wallarm customers get this kind of detailed report weekly — just to keep track of the state of affairs. In addition, they…

In Web Application Security

Wallarm at SyScan 360

March 22, 2016 1 Min Read

Grab a moment and catch Wallarm CEO Ivan Novikov at SyScan 360 which is about to start in hot Singapore. His talk on Key-value injections here! will be on the second day of the conference. This paper is continuation of memcached injections research presented at BlackHat USA 2014. The paper presents two main areas of research: input validation vulnerabilities at different key-value clients for popular platforms (c, java, lua, node.js, php, perl, python and ruby)…