How Wallarm WAF works

Unlike default cloud WAFs, Wallarm automates protection for apps and APIs with no manual tuning or investment in ongoing maintenance, allowing the team to focus on other tasks. It scales. It works.




2020 © Wallarm Inc.

Universal protection for all your APIs

Against a full spectrum of threats

  • OWASP Top 10
  • OWASP Top 10 API 
  • API Abuse
  • Credential Stuffing / Account Takeover

Universal solution to protect APIs

  • SOAP / XML-RPC 
    • any XML-based
  • REST/RESTful
    • any JSON-based
  • GraphQL NEW!
  • gRPC NEW!

Deep API Request Inspection

Super-fast analysis of API calls for payloads that can be harmful

Intelligent Parsing

  • Runs without configuration
  • Doesn’t require a schema
  • Automatically recognizes data formats
  • Applies the necessary parsers/decoders
  • Applies a chain of parsers
  • Works great in CI/CD

Optimised for performance

  • Streaming mode for near-zero latency


Webinar 
August 6th at 11 am PST / 2 pm EST

How attackers exploit e-commerce API vulnerabilities


Are you managing an online e-commerce business security team?
We have selected 3 API security issues that caused data breaches in the e-commerce and online retail industry in the last 2 years:

  • Reward credit theft via SQL injection in a REST API

  • Application-level DoS attack exploiting a logic bomb in a Lucene search engine on Black Friday

  • Massive user account takeover attack exploiting a stored XSS vulnerability

According to Gartner’s research, 83% of all traffic on the Internet is API calls. The e-commerce industry was one of the early adopters of the SPA (single-page application) and API approach to deliver a better buyer experience and handle supply chain automation. Unfortunately, because of business urgency and deployment speed, API security often falls by the wayside.


Speaker

Ivan Novikov

CEO at Wallarm

Ivan Novikov is CEO of Wallarm, a provider of AI-powered application security. He is also a white hat security professional with over 12 years of experience in security services and products. He is an inventor of memcached injection and the SSRF exploit class, as well as a recipient of bounty awards from Google, Facebook, and others. Ivan has recently been a speaker at HITB, Black Hat, and other industry events.

How to prepare

  • Blog: Learn more about Wallarm NG WAF product messaging & API protection functionality!
  • Forbes: Read the latest Forbes article on API security, by Ivan Novikov (Wallarm CEO)
  • YouTube: Watch the Wallarm demo video: API Deep Request Inspection
  • Infographics: Read and download “Top-10 Security Challenges in e-commerce”

A day in the life of Security and DevOps teams


Register for the webinar to learn more about appsec challenges faced by Retail

Day-in-the-life before our product

  • Every Thursday morning, after an application update, Joanna starts by making sure that security rules are updated to match the updated APIs.

  • It is common for an app update to cause new false positives. Joanna receives complaints from the support and DevOps teams regarding WAF blocking.

  • Joanna's team temporarily turns off protection and manually verifies which rule triggered blocking of legitimate users.

  • When the rules are updated, Joanna works with the DevOps manager to ensure an updated ACL will no longer disrupt application operation.

Day-in-the-life after Wallarm

  • Wallarm's WAF is installed instead of the AWS WAF to better protect applications and APIs.

  • Joanna's team no longer needs to update security rules as Wallarm doesn't require manual tuning.

  • Individual API calls with malicious requests are blocked without disrupting operation of the application for the rest of the IP addresses in a similar locale.

  • All attacks are automatically verified to see if there's any potential for exposed security issues.


Wallarm protects some of the leading online retail companies
