Wallarm API Security Wallarm updates logo

Wallarm updates

Discover the latest features, improvements, and updates in Wallarm API Security

Subscribe to Updates

Labels

  • All Posts
  • API Security
  • WAAP
  • ANNOUNCEMENT
  • IMPROVEMENT
  • FIX
  • FAST

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • August 2021
  • April 2021
  • March 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • December 2019
  • October 2019
  • August 2019
  • April 2019
ANNOUNCEMENT
3 years ago

Blocking countries, Tor nodes, proxies, and data centers

news-pic-placeholder (1).png

Should your customers come from data centers? Not typically. It could be helpful to exclude some of the traffic sources to improve the security of applications and APIs.

With Wallarm, you can block traffic originated from a specific country based on compliance requirements ,or block Tor exit nodes and popular proxy servers frequently generating a lot of malicious requests.

Wallarm also identifies and displays in the Wallarm Console the IP address sources, i.e countries, data centers, VPN, and residential proxies.

Read more about the new blocking features on our documentation portal.

We rely on the data from 3rd party providers including IP2Location which is a partner of Wallarm.

Avatar of authorWallarm team
ANNOUNCEMENT
3 years ago

Wallarm Node 3.2 Released

news-pic-placeholder.png

We are pleased to announce the general availability of the Wallarm Node 3.2. This is a major update recommended to install.

Highlights

  • Support for new filtration mode, safe blocking
  • Management of IP address whitelist via the Wallarm Console
  • Ability to whitelist, blacklist, or greylist a subnet, Tor network IPs, VPN IPs, a group of IP addresses registered in a specific country or data center
  • Ability to whitelist, blacklist, or greylist request sources for specific applications
  • New module API Discovery that automatically identifies the application API structure based on real traffic analysis
  • The number of requests originated from blacklisted IPs is now displayed in the statistic service output, in the new parameter blockedbyacl and in the existing parameters requests, blocked

How to upgrade

Upgraded packages of Wallarm node are already available for installation from the repositories, AWS AMI and GCP VM images. The migration guide is available on the docs portal.

Avatar of authorWallarm team
4 years ago

Wallarm API Discovery

know-your-api-post (1).png

What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated for almost a year? What else is exposed, and you don’t even know? Are Swagger specs up to date? (Teaser: Surely not). A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and Observability to better understand and protect your APIs.

Wallarm API Discovery identifies all APIs including shadow and zombie APIs and gives you up-to-date specs — based on the actual API usage.

So how where exactly can API Discovery help? There are two major ways:

  • Firstly, API inventory. The larger the company, the fewer the people that actually know what you have exposed. Different endpoints are owned by different teams. Add here multiple versions of APIs — some that are already deprecated and some still maintained — and this very soon becomes a total mess. You can easily have some outdated (and vulnerable) version of the API method exposed — and nobody will even know! It’s called a Shadow API. The only way to get full visibility is to see what APIs are actually used and how they are used, based on the traffic.
  • Secondly, up-to-date API specs. We bet you wouldn’t be surprised that specs are very often behind. It’s a life after all and docs are rarely properly updated. But you would be amazed by how significant the difference between docs and reality can be. For some APIs, you can have no Swagger at all. Or, you can have docs that clearly say that /checkout method has five parameters. Meanwhile, real traffic can show that there are plenty of requests that actually have six parameters, with one of them optional. Think of it as Swagger / OpenAPI specs generated based on the traffic.

Join the early access program by sending a note to request@wallarm.com and read a blog post for more details.

Avatar of authorWallarm team
ANNOUNCEMENT
4 years ago

Status page available at status.wallarm.com

news-pic-placeholder.png

Now we have a Wallarm service status page available at https://status.wallarm.com. The page displays live and historical data on the availability of the Wallarm Console and Wallarm API services for each Wallarm Cloud.

You can use Subscribe to updates to receive a notification when a service status changes via Email, Slack, SMS, Webhooks, and other methods.

On this page, we also post planned maintenance announcements and a description of which parts of the service may not be available during maintenance.

Avatar of authorWallarm team
ANNOUNCEMENT
4 years ago

Updates from Wallarm’s detection team (April 2021)

264-148a8e44eaddf7de1e6f708ededd5b23bbcbc4dd.png

We have expanded the set of rules for detecting LFI attacks (Local File Inclusion) and new RCE attacks (Remote Code Execution) against Symphony.

We have also added new scanner extensions to detect the following vulnerabilities:

  • Remote code execution in ExacqVision Web Service - CVE-2020-9047
  • Remote code execution in HP LinuxKI 6.01 - CVE-2020-7209
  • LFI in Spring Cloud Config Server - CVE-2020-5410
  • JFrog Artifactory Authentication Bypass - CVE-2019-9733
  • Remote code execution in Apache Unomi - CVE-2020-13942
Avatar of authorWallarm team
ANNOUNCEMENT
4 years ago

IBM QRadar and Micro Focus ArcSight integrations

arcsight.png

A new type of integration is available in the Wallarm Console - Webhook. Webhook is a widespread technology for integrating web services with each other based on callback technology.

The modern approach in information security is the use of specialized tools that are closely integrated with one another. Therefore, one of Wallarm’s priority areas is the support of modern security tools.

You can now send Wallarm WAF events to Webhook or configure conditions and filters for the Trigger to send a particular message to Webhook when conditions are met.

For setting up Webhook integration, only the API URL is required. You can find more details in our documentation.

Avatar of authorWallarm team
API Security
4 years ago

Updates from Wallarm’s detection team (December 2020)

new-detects.png

With the growing complexity of new applications, technology stacks, and evolving attack techniques, we can implement regular improvements in how the Wallarm WAF detects attacks. This month we have added new Scanner rules to detect:

  • Open access to the Consul UI web interface. Read the details on our blog
  • Server-Side Template Injection in SEOmatic plugin for Craft CMS - CVE-2020-9757
  • Reflected Code Injection in Citrix ADC and NetScaler Gateway - СVE-2020-8194
  • Remote code execution in WebLogic Server - CVE-2020-14882
  • Remote code execution in Liferay CE Portal - CVE-2019-11444

We have also improved the detection of Bash command injection and path traversal attacks in Wallarm WAF.

Avatar of authorWallarm team
ANNOUNCEMENT
4 years ago

Support for CentOS 8 added

centos_added.png

Wallarm extends deployment support for the Wallarm filtering node to more platforms. We consistently monitor new application architectures and the latest trends in application deployment. Additionally, as current platforms evolve and release new versions, we adapt the software and test compatibility to support the latest releases.

In the new 2.16 version of WAF nodes, our clients have access to:

  • Updated packages for installing WAF on CentOS 8.

Updated packages are already available in our repositories!

Next in line is support for the Ubuntu 20.04 LTS (Focal Fossa) release!

Avatar of authorWallarm team
API Security
4 years ago

Updates from Wallarm’s detection team (October 2020)

new-detects.png

With the growing complexity of new applications, technology stacks, and evolving attack techniques, we can implement regular improvements in how the Wallarm WAF detects attacks. This month we have added new Scanner rules to detect:

  • Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Web Interface Vulnerability — CVE-2020-3452
  • Open web interfaces for VMware ESXi, vCenter, and vSphere.

We've also added new rules for detecting attacks in the Wallarm WAF:

  • RCE in MobileIron Core & Connector, Sentry and Monitor and Reporting Database (RDB) — CVE-2020-15505
  • RCE on some NGINX + PHP-FPM installation configurations — CVE-2019-11043

In addition, Bitrix 0-day LFI detection is available within our WAF and Scanner. We sent notifications and created virtual patches for all clients that have this vulnerability in their applications.

Avatar of authorWallarm team
ANNOUNCEMENT
4 years ago

WAF Component Versions in Wallarm Console

saml-sso-3.png

You have probably already noticed that new blocks have appeared in the WAF node card in the Wallarm Console with information about the versions of the LOM file and proton.db used.

Starting from version 2.16 of the WAF node, these sections will display information about the versions of installed components and indicators of available updates.

The latest versions of the Wallarm WAF node uses new technologies and capabilities to protect applications and APIs from hacker attacks. We recommend that you always keep WAF nodes up to date.

We remind you that we only support the last two versions of the Wallarm WAF node. You can find more information on versioning in the versioning policy documentation.

Avatar of authorWallarm team