We are pleased to announce the release of Wallarm node 4.4

Here is a list of the main features which will be available when you upgrade to the latest Wallarm node version:

Checking JSON Web Token strength

JSON Web Token (JWT) is one of the most popular authentication methods. Unfortunately, JWTs may contain many weaknesses which might be missed or forgotten about during development. Any of these will allow attackers access to your application, for example, with administrator rights.

Wallarm node now detects weaknesses in JWTs and records the corresponding vulnerabilities when:

• JWT is not signed
• JWT is signed using a compromised key

Libdetection library enabled by default

Wallarm introduced a fully grammar-based attack detection library libdetection a few years back and since then commited to improve and enhance it. First introduced as a feature for the power-users, it's then became available for everyone.

Starting node 4.4 it's by default enabled for all the customers. This is a major improvement as our core thing of getting the most accurate attack detection, with near-zero false positives. Focus on what matters, don't waste time on the tuning - we back you up.

Supported installation options

• Added support for Ubuntu 22.04 LTS (jammy)
• Dropped support for Debian 10.x (buster) for Wallarm to be installed as the module for either NGINX stable or NGINX Plus

More
Wallarm node 4.4 incorporates dozens of other improvements. A more detailed changelog and instructions on safe upgrade from previous versions are published in the official documentation.

If you have any questions, feel free to contact our support team at support@wallarm.com.

Thousands of companies – from startups to Fortune 500 enterprises – use Kong API Gateway. With blazingly fast performance, it comes with a perfect feature set for everyone who manages microservices, APIs or serverless stacks. APIs need protection against modern attacks, like Injections, BOLA and others from the OWASP API Security Top-10.

Wallarm provides a native integration with Kong Ingress Controller 3.0 for both the Kong Open-Source (CE) and Enterprise (EE) editions. Following the instructions in the documentation, you can protect your APIs with Wallarm in just a few minutes.

You can find more detailed information about this integration in our website and documentation.

Wallarm now offers extended integration with Splunk via a native Splunk application! The Wallarm API Security application for Splunk helps to organize the events logged by Wallarm into the ready-to-use dashboard. 

Wallarm makes it a priority to provide native integrations with specialized tools used by DevOps and SecOps teams. This integration with Splunk furthers that prerogative. 

 Integrating Wallarm and Splunk enables you to:

• Get and analyze data on malicious traffic against your applications and APIs
• Analyze vulnerabilities found in applications
• Receive alerts and events generated by the Wallarm triggers
• Receive alerts about Wallarm service events, such as a new account added to Wallarm personal account, changing integration settings with a third-party service, etc.

With the Wallarm API Security application for Splunk application available from the official Splunk applications library, you can make event analyzing seamless.

You can find more detailed information about the Wallarm API Security application for Splunk in our documentation.

Sometimes you may need to combine Wallarm findings with data from other services (e.g., your application logs) for in-depth analysis and investigation of attacks, incidents, and vulnerabilities. Or you may want to get a list of indicators of compromise (IOCs) from detected attacks and incidents, such as attacker IP addresses, detected malicious payloads, and so on. These IOCs are necessary to conduct in-depth security incident investigations.

For these and other similar scenarios, you can get a CSV formatted report with attack, incident, and vulnerability events. Just perform a search query for the events you need and request a report with them in the CSV format. The generated report will be sent to your email address.

See the Wallarm documentation for more details.

Wallarm rules are one of the critical mechanisms by which the Wallarm API Security solution adapts to your applications. Therefore, it is crucial to have a backup copy of your rules in case of unforeseen situations; for example, important rules were deleted by mistake.

To undo the changes and return to the previous version of the ruleset, create backup copies of your Wallarm rules. There are two types of backups available to you:

• Backups that are created automatically on any change in a ruleset.
• Backups that you create manually.

Backups are managed in the Rules section of Wallarm Console. You can create a new backup of the rules anytime or restore the ruleset from a created copy.

You can find more detailed information on this capability in our documentation.

With these new dashboard widgets, you can now easily analyze critical vulnerabilities and identify weaknesses in your system:

• The CVEs widget shows you what vulnerabilities are being used by attackers when attacking your infrastructure, allowing you to assess the impact and take protective measures as necessary.

• The Authentication widget shows you which authentication protocols are being targeted by attackers, allowing you to identify weaknesses and compromised credentials, and take preventative steps as necessary.

You can find more detailed information in our documentation.

We are pleased to announce the general availability of the Wallarm Sidecar proxy v2.0 solution!

The Wallarm Sidecar proxy v2.0 solution is a stable, safe, and scalable capability for your security stack. With this release, we updated our Sidecar solution to leverage new K8s capabilities and a wealth of customer feedback.

Among all the possibilities of Wallarm sidecar proxy v2.0, we can highlight the following:

• Injects into the K8s Pods automatically
• Simplifies protection of discrete microservices and their replicas and shards by providing the deployment format that is similar to applications
• Requires minimum service configuration to secure your apps; just add some annotations and labels for the application pod to protect it
• All Wallarm features available in the latest version 4.2 are supported by the Sidecar proxy v2.0 solution

If you are using the previous version, we recommend you migrate to the Wallarm Sidecar proxy v2.0 solution. For assistance in migrating to the Wallarm Sidecar proxy solution v2.0, please contact support@wallarm.com.

If you are looking for a security solution to protect applications deployed as Pods in a Kubernetes cluster, the Wallarm Sidecar solution is one of the options along with the Wallarm Ingress controller. More details on Wallarm Sidecar proxy v2.0 solution 

Wallarm supports many other deployment options, like AWS Terraform module, CDN and regular DEB and RPM packages. To get all supported options, please refer to Wallarm documentation.

If you have any questions, feel free to contact our support team at support@wallarm.com.

We are pleased to announce our latest attack and vulnerability detection improvements!

For Wallarm Scanner to detect vulnerabilities with even lower false positives, we have refactored the following detection rules:

• Main SQLi vulnerability detection rules, with cover of additional obfuscation types
• XSS vulnerability detection rules

Attack detection accuracy has been improved by adding the following attack detection rules:

• New Path Traversal attack detection rules - in particular, Tomcat Path Traversal via reverse proxy mapping detection
• Various Web-Shell upload detection rules

These changes are already supported by the Wallarm platform, and no additional product configuration changes are required.

Wallarm now offers native integration with Datadog! Datadog is a SaaS-based dynamic data analytics platform used in many security and operational tech stacks.  

Wallarm has made it a priority to include native integration with specialized tools used by DevOps and SecOps teams. This integration with Datadog furthers that vision. 

This integration allows you to analyze and process Wallarm API Security events along with data from your other services and products in Datadog. Thus you will have a complete picture of what is happening in your infrastructure.

You can find more detailed information on this capability in our documentation.

We are pleased to announce the release of Wallarm Node 4.2.

Here is a list of the new features which will be available after upgrading:

BOLA / IDOR Detection

When an API-based application is vulnerable to Broken Object Level Authorization (BOLA), also known as Insecure Direct Object References (IDOR), there is a strong possibility of sensitive information or data being exposed. Attackers can exploit vulnerable API endpoints by manipulating the object ID which is sent within the request. 

To prevent exploitation of this vulnerability, Wallarm Node 4.2 contains a new trigger which you can use to protect your endpoints from BOLA attacks. The trigger monitors the number of requests to a specified endpoint and creates a BOLA attack event when trigger thresholds are exceeded.

Inspecting JWTs for Malicious Payloads

Wallarm Node 4.2 also brings Deep Request Inspection capability for JSON Web Token (JWT) data formats. While this will enable many new upcoming features related to the authentication tokens, Node 4.2 expands attack detection for all content encoded in JWTs. All data encoded in a JWT is automatically unpacked/decoded and checked for the different types of malicious payloads (RCE and others).

Other Updates

CentOS 6 and Debian 9 distributions are no longer supported. There are also some changes related to the logic of denylists. A more detailed changelog and instructions on upgrade are published in the official documentation.

If you have any questions, feel free to contact our support team at support@wallarm.com