How Wallarm WAF works

Unlike default cloud WAFs, Wallarm automates protection for apps and APIs with no manual tuning and investments into ongoing maintenance allowing the team to focus on different tasks. It scales. It works.

415 Brannan St, San Francisco, CA 94107
(415)940-7077
request@wallarm.com



2020 © Wallarm Inc.

Universal protection for all your APIs

Against a full spectrum of threats

  • OWASP Top 10
  • OWASP Top 10 API 
  • API Abuse
  • Credential Stuffing / 
    Account Takeover

Universal solution to protect APIs

  • SOAP / XML-RPC 
    • any XML-based
  • REST/RESTFul 
    • any JSON-based
  • GraphQL NEW!
  • gRPC NEW!

Deep API Request Inspection

Super-fast analysis of API calls for the payloads that can be harmful

Intelligent Parsing

  • Run w/o configuration
  • Doesn’t require schema
  • Automatically recognize data formats
  • Apply necessary parsers/decores
  • Apply chain of parsers
  • Works great in CI/CD
Optimised for performance
  • Streaming mode for near-zero latency


Webinar 
August 6th at 11 am PST / 2 pm EST

How attackers exploiting e-commerce API vulnerabilities

Sign Up for Webinar

☝️Limited seats available

Reward credits stealing by SQL injection in REST API

Are you managing an Online e-commerce business security team?
We have selected 3 API security issues that caused data breaches in the e-commerce and online retail industry last 2 years: 

Application-level DoS attack by exploiting logic bomb in a Lucene search engine at black Friday

Massive users’ account takeover attack by exploiting a stored XSS vulnerability

According to Gartner’s research, 83% of all the traffic in the Internet is API calls. E-commerce industry was one of the early adopters of the SPA (single-page-application) and API approach to deliver better buyers experience and deal with the supply chain automation. Unfortunately, because of business urgency and deployment speed, API security often remains overboard. 

Share:

Speaker

Ivan Novikov

CEO at Wallarm

Ivan Novikov is CEO of Wallarm, a provider of AI-powered application security. He is also a white hat security professional with over 12 years of experience in security services and products. He is an inventor of memcached injection and SSRF exploit class as well as a recipient of bounty awards from Google, Facebook, and others. Ivan has recently been a speaker at HITB, Black Hat, and other industry events.

How to prepare

Learn more about Wallarm NG WAF product messaging & API protection functionality!

Blog

Read latest Forbes article on API security - by Ivan Novikov (Wallarm CEO)

Forbes

Watch Wallarm demo video: API Deep Request Inspection

YouTube

Read and download 
“Top-10 Security Challenges in e-commerce”

Infographics

Day in life of Security and DevOps teams

Unlike default cloud WAFs, Wallarm automates protection for apps and APIs with no manual tuning and investments into ongoing maintenance, allowing the team to focus on different tasks. It scales. It works.

Register for the webinar to learn more about appsec challenges faced by Retail

Reserve a seat
  • Every Thursday morning, after an application update, Joanna starts by making sure that security rules are updated to match the updated APIs.
    It's a common occurrence when an app update causes new false positives. Joanna receives complains from the support and DevOps teams regarding WAF blocking.

  • It is an often situation when an app update cause new false positives. Joanna receives complains from the support and DevOps teams regarding WAF blocking.

  • Joanna's team temporarily turns off protection and manually verifies which rule triggered blocking of legitimate users.

  • When the rules are updated, Joanna works with the DevOps manager to ensure an updated ACL will no longer disrupt application operation.

Day-in-the-life before our product

Day-in-the-life after Wallarm

  • Wallarm's WAF is installed instead of the AWS WAF to better protect applications and APIs.

  • Joanna's team no longer needs to update security rules as Wallarm doesn't require manual tuning.

  • Individual API calls with malicious requests are blocked without disrupting operation of the application for the rest of the IP address in the similar locale.

  • All attacks are automatically verified to see if there's any potential of exposed security issues.

Webinar
August 6th at 11 am PST / 2 pm EST

Wallarm protects some of the leading Online retail companies