Introducing Proactive API Leak Management
Today, Wallarm is introducing API Leak Management, a new feature to proactively protect your secrets and avoid related security breaches.
In recent months, enterprise companies like CircleCI, Slack, and LastPass have seen an escalation in attacks involving leaked API keys and other API secrets. API keys and secrets often leak due to developers' mistakes, missing repository access controls, insecure use of public services, and data disclosure accidents by contractors, partners, and users.
There are three main scenarios for proactive API Leak Management:
- Detect leaks. Wallarm continuously scans public sources for API secret leaks: public repositories, mobile apps, Pastebin, and many others.
- Revoke/block tokens. Once a leak is detected, Wallarm remediates the related risks by blocking requests with compromised tokens and tracking them across all your API landscapes.
- Track secret usage. Wallarm tracks when leaked secrets/credentials are used.