Wallarm updates

Discover the latest features, improvements, and updates in Wallarm API Security

API Security
today

More Control and Accuracy in Scan Scope Configuration in API Attack Surface Management

We’re excited to introduce a major upgrade to how scans are configured in API Attack Surface Management (AASM). We’ve improved the user experience to deliver more flexibility, precision, and alignment with your unique API security needs.

You can now granularly define your scan scope, allowing for more targeted and accurate results. With this update, you’ll be able to cut through the noise and focus on what matters most.

Here’s what’s new:

  • Bulk Import of Root Domains: Quickly onboard your assets by importing multiple domains at once.
  • Expanded Scope Definition: Add additional hosts to ensure comprehensive coverage of your environments.
  • Advanced Scheduler Control:
    • Turn on/off the auto-rescan scheduler per domain.
    • Globally manage the scan schedule (weekly, bi-weekly, or monthly).
    • Global scheduler settings override domain-level preferences for consistency.
  • Scanning Profiles: Choose from pre-defined scanning profiles or create your own to match your risk posture.
  • Modular Control: Enable or disable specific scanning modules as part of your scheduled scans.

These enhancements are built to help you minimize noise, sharpen findings, and focus your efforts where they matter most.

Start refining your scan scope now to take full advantage of the improved accuracy and control.

Wallarm team
API Security
today

Wallarm Now Natively Supports IBM DataPower API Gateway

Wallarm is excited to announce a native integration method for customers who leverage IBM DataPower as their API Gateway or edge enforcement point.

The integration offers:

🔧 Simplified Deployment – No need for traffic mirroring or custom forwarding logic

🕒 Accelerated Time-to-Value – Get up and running with security coverage in just a few hours

🔐 Enhanced Security Posture – Detect and mitigate threats directly at the API ingress point

You can now forward API traffic from IBM DataPower to a Wallarm node with minimal manual steps. To get started, follow our step-by-step integration guide for detailed instructions.

Wallarm team
ANNOUNCEMENT
a month ago

Introducing Node 6.0

We're excited to release a significant new version of the Wallarm node. Node version 6.0 introduces a number of technical changes that improve supportability and lay the foundation for future features.

  • Improved local data analytics: Node 6.0 replaces the Tarantool service used in the post-analytics component with a Wallarm-developed Wstore service.
  • Greater code consistency: Node 6.0 replaces a number of Python components with Golang equivalents to improve performance and supportability.
  • Smaller operational profile: Node 6.0 reorganizes a number of components to decrease the size of Wallarm artifacts.

These changes are integral to the sustainable growth and performance of the Wallarm node. In addition, they pave the way for exciting new features that are in development.

Wallarm team
FIX
a month ago

Critical Security Fix for NGINX Ingress Controller for Kubernetes

On March 24th a critical remote code execution vulnerability (CVE-2025-1974) in Ingress-NGINX was disclosed. After investigating the issue, Wallarm has determined that the vulnerability affects customers using the Wallarm NGINX Ingress Controller Helm chart. Wallarm has now published an updated NGINX Ingress Helm chart, version 5.3.11, to address the vulnerability. 

We strongly recommend all Wallarm NGINX Ingress Controller Helm chart users upgrade to version 5.3.11 as soon as possible to ensure their environments remain secure. If you have any questions, please reach out to Wallarm support. 

Wallarm team
API Security
2 months ago

📢 Exciting Update: AASM reports download

We’re happy to announce that the Download Reports feature is now available in API Attack Surface Management. Users can download reports of the discovered APIs, scanned perimeter, WAF testing, vulnerabilities and much more. 🚀

Users can now export data in three different report formats:

  1. DOCX Report: Provides detailed insights into both the Attack Surface and Security Issues. It now includes filtering options to select which risk levels of security issues are included.
  2. CSV Reports: Export Attack Surface data in a tabular format, grouped by:
     • Hosts
     • Ports
     • APIs
  3. JSON Report: Machine-readable format for easy integration and automation.

Start exploring these new capabilities today and provide your feedback! 🎉

Wallarm team
API Security
3 months ago

Big Improvements to API Attack Surface Management

We are thrilled to announce the biggest update yet to the Wallarm API Attack Surface Management (AASM) platform, along with the General Availability of our API Vulnerability Scanner! 

Enhanced Vulnerability Detection

AASM now detects approximately 2,500 of the most widespread vulnerabilities affecting APIs, and it now scans for outdated versions of software across web servers, frameworks, libraries, CMS platforms, plugins, programming languages, network services, and API gateways. Users can see the expanded set of vulnerabilities discovered in the Security Issues section of AASM.

Vulnerability Intelligence Enrichment

We’ve integrated powerful Vulnerability Intelligence sources to provide deeper insights into detected vulnerabilities, including:

  • Public exploit availability 🛠️
  • In-the-wild exploitation 🌍
  • Use in ransomware campaigns ☠️
  • Exploit Prediction Scoring System (EPSS) ranking 🎯



AI-Powered CVE Classification

AASM now leverages AI and OpenAI's LLM to automatically classify detected CVEs, helping security teams prioritize and respond more effectively.

New Charts, New Security Insights

Understanding vulnerability trends over time is critical. AASM now provides two dynamic charts to enhance your security analysis:

  • Historical Risk Analysis: Tracks monthly vulnerability trends based on risk levels, helping teams measure progress.
  • Resolution Risk Analysis: Evaluates the efficiency of vulnerability management by visualizing how quickly issues are resolved over time.

Improved Reporting with CSV/JSON Export

Users can now download detailed security reports in CSV or JSON formats, choosing to export all issues or only filtered ones. 

Additional Enhancements Released in Jan-Feb:

  • Upgraded from a 3-level to a 5-level risk model for better prioritization.
  • Multi-select filters on AASM and Security Issues pages.
  • Auto-reopening vulnerabilities if they are detected again.
  • Security Posture widget updates with enhanced vulnerability statistics.

For more details, visit our documentation.

Wallarm team
API Security, IMPROVEMENT
3 months ago

Improved SSO Provisioning

We’re excited to announce the launch of our improved Single Sign-On (SSO) Provisioning—a better way to manage users and permissions in Wallarm. This new enhancement to the platform’s existing SSO support allows customers to manage users and roles from within their SSO provider. 

Benefits at a Glance:

  • Centralized Control: Manage all user access from one place.
  • Faster Onboarding: Seamlessly add and update users via your SSO provider.
  • Align groups in your SSO provider with Wallarm roles. Every new user added to an SSO group will automatically receive appropriate access to Wallarm!

You can read more in the documentation. To activate SSO Provisioning, contact the Wallarm support team.

Wallarm team
API Security, ANNOUNCEMENT, IMPROVEMENT
3 months ago

Full-Fledged GraphQL Parser

We’re excited to announce that the latest Wallarm node now includes a full-fledged GraphQL parser!

With this enhancement, Wallarm significantly improves the detection of input validation attacks (e.g., SQL injections) within GraphQL requests, offering greater accuracy and minimal false positives.

Key Benefits:

  • Improved detection of input validation attacks (e.g., SQL injections)
  • Detailed Parameter Insights: Extract and display values of GraphQL request parameters in API Sessions, utilizing them as Session Context Parameters.
  • Precise Attack Search: Precisely identify attacks in specific GraphQL request components, such as arguments, directives, and variables.
  • Advanced Rule Application: Apply granular protection rules to specific GraphQL request parts. This enables fine-tuning and configuring exclusions for certain attack types in defined parts of a GraphQL request.

These capabilities are included in Wallarm node version 5.3.0+. 


Wallarm team
ANNOUNCEMENT, IMPROVEMENT
3 months ago

Enhanced Rule Creation Workflow for Improved Usability

Wallarm has introduced updates to the rule creation workflow, aimed at improving clarity and usability. These changes simplify the process of creating rules by dividing it into a structured, two-step approach.

Step 1: Users select the rule type, with rules now grouped into clearer, more intuitive categories.
Step 2: Users configure the parameters for the selected rule.

The rules are categorized as follows:

  • Mitigation Controls – Enable and configure protection mechanisms, such as Advanced Rate Limiting, GraphQL API Protection, or a custom Virtual Patch.
  • Fine-Tuning Attack Detection – Define exclusions and adjust detection behavior: disable WAAP protection for a certain application, disable specific parsers that are not required, or disable detection of specific attack types in specific parameters.
  • Change Requests/Responses – General rules for handling request/response data: add custom headers or mask sensitive information.
  • API Discovery Settings – Configure API discovery parameters.

These updates aim to enhance the efficiency and clarity of rule creation, making it easier for users to implement and manage security configurations.

Read more about rules in our documentation. 

* It should be noted that the list of features may vary depending on the client’s subscriptions and user role.

Wallarm team
ANNOUNCEMENT
3 months ago

Threat Replay Testing

Introducing Threat Replay Testing: Turn Real Attacks into Your Security Advantage

Launching January 27th, Wallarm's Threat Replay Testing (TRT) transforms your API security testing by converting actual attack attempts into comprehensive security tests. This innovative approach moves beyond traditional synthetic testing to help organizations identify and address real-world vulnerabilities.

Key Features

  • Converts incoming attacks into sanitized security tests
  • Automated testing in staging environments
  • Comprehensive attack surface coverage through attack variation generation
  • Safe payload sanitization to prevent system damage

Benefits

  • Identify vulnerabilities from real attack patterns
  • Reduce security team workload with automated test generation
  • Maintain system stability with non-production testing
  • Stay ahead of emerging threats through continuous testing

For more information, contact our sales team or visit our documentation portal.

Wallarm team