Wallarm API Security Wallarm updates logo

Wallarm updates

Discover the latest features, improvements, and updates in Wallarm API Security

Subscribe to Updates

Labels

  • All Posts
  • API Security
  • WAAP
  • ANNOUNCEMENT
  • IMPROVEMENT
  • FIX
  • FAST

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • August 2021
  • April 2021
  • March 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • December 2019
  • October 2019
  • August 2019
  • April 2019
API Security
7 months ago

Improvements to API Attack Surface Management

We are excited to announce a new update to Wallarm’s latest innovation in API security— API Attack Surface Management. AASM is designed to help organizations effortlessly discover and protect their external API attack surface, identify missing WAF/WAAP solutions and mitigate API Leaks. AASM is an agentless solution, so no installation is required. You can get results in under 5 minutes. You can request access to the product at sales@wallarm.com, or if you have any questions, please contact support@wallarm.com. 

Recent update:

In this update, we’ve released an API Details View (simply click on a hostname). This view allows you to see far more detail than before:

  • API Specific Details: You can view specific details about APIs, such as API type, protocol, encryption, API gateways, security vendors, and more.
  • API Gateway Detection: AASM now detects up to 15 API gateways, including Apigee, Mulesoft, Kong, WSO2, and more.
  • WAF/WAAP Score Report: You can download the WAAP Score Evaluation report, which provides specific details about the types of attacks your WAF/WAAP can detect and its false-positive rates.
  • Detection of WAAP solutions for each open port: It helps identify WAAP coverage gaps. For example, when the main port 443/TCP is protected with WAAP, but some additional ports, such as 8080/TCP, are not.
  • AASM detects service fingerprinting: identifying software/version for each open port. Currency, it works only for ports, not for APIs. We plan to implement more functionality on API fingerprinting in the future.
Avatar of authorWallarm team
8 months ago

Effortlessly manage security controls via Terraform provider

We are pleased to announce exciting improvements to our Terraform provider. You can now seamlessly manage all triggers and Credential Stuffing detection rules directly within Terraform. This improvement simplifies and streamlines the management of Wallarm solution, giving you greater control and efficiency in securing your infrastructure.

You can find more information in the Terraform registry and in our documentation.

Avatar of authorWallarm team
API SecurityWAAP
8 months ago

Introducing Node 5.0

We are excited to announce the release of Wallarm Node 5.0! This major update represents a significant shift in our technology stack, bringing enhanced performance and scalability to your Wallarm deployment.

Key Highlights:

  • New Technology Stack: The Wallarm node has been re-engineered from a Ruby-based implementation to Go, resulting in a faster, more scalable, and resource-efficient solution.
  • Performance Improvements: The Wallarm Postanalytics module’s performance has been improved:
    • CPU Usage: Reduced from 0.5 CPU cores to just 0.1 CPU cores.
    • Memory Usage: Lowered by 400 MB at a traffic rate of 500 requests per second.

File System Updates:

  • Consolidated Logging: Logs from almost all services are now recorded in a single file, wcli-out.log, simplifying log management.
  • Updated Diagnostic Script Path: The diagnostic script has been moved to /opt/wallarm/collect-info.sh from its previous location.

Important Notes:

  • This release focuses on technical refactoring and does not introduce any changes in functionality. All features supported in the previous version (4.10) are retained in 5.0.

For a detailed overview of all changes and update instructions, please refer to our updated documentation.

Avatar of authorWallarm team
IMPROVEMENT
9 months ago

LDAP Systems Integration

We are excited to announce the integration of LDAP systems with Wallarm. This new feature allows seamless authentication and user management through your existing LDAP setup.
Key Features:
  • LDAP Authentication: Easily authenticate users with LDAP.
  • User Management: Manage user roles and permissions directly through LDAP for use in Wallarm Console.
For detailed instructions on setting up and configuring LDAP integration, please refer to our LDAP Configuration Guide.
LDAP configuration is not available until activated, for activation, contact the Wallarm support team.
Avatar of authorWallarm team
API SecurityIMPROVEMENT
10 months ago

A fresh look at malicious bot activity


We are releasing improvements to the API Abuse dashboards that make it easier to analyze bot behavior. With a new timeline diagram, you can easily identify spikes in bot activity and drill down to investigate them. Additional Top Attackers and Top Targets widgets allow you to determine the most active bots and the most attacked APIs/Applications.

With this update, you also get the ability to search for events related to specific types of bots in the attack list. You can find more details in our documentation.


Avatar of authorWallarm team
WAAP
10 months ago

Malicious JavaScript injection via supply chain attack (polyfill.io)

A recent supply chain attack has compromised over 100,000 websites through the popular Polyfill JavaScript library. The library is widely used to ensure compatibility with modern JavaScript features in older browsers. Different web applications and Content Management Systems (e.g. Magento), include code that introduces static script imports of JavaScript code sourced from cdn.polyfill.io.

Earlier this year, a Chinese company acquired the Polyfill domain. The attackers used the control of the domain to distribute malicious JavaScript code instead of legitimate libraries. This allows performing arbitrary malicious activity in the context of the victim's browser: redirecting users to phishing sites, stealing sensitive information, or even further propagating malware.

The attack is similar to stored Cross-Site Scripting (XSS) and does not require any actions from the victim other than visiting a web page. Successful attacks have already been recorded on other websites.

The Wallarm platform detects the compromised applications and the corresponding web pages with static imports of JavaScript code from the *polyfill.io domain and other malicious domains involved in this campaign: (kuurza[.]com, googie-anaiytics[.]com, bootcss[.]com, macoms[.]lanewcrbpc[.]com, polyfill[.]io, bootcdn[.]net, staticfile[.]net, unionadjs[.]com, xhsbpza[.]com).

Check the vulnerabilities page in the Wallarm console for the vulnerability “Malicious JavaScript injection via supply chain attack (polyfill.io)” as demonstrated on the figure below. If the vulnerability was found:

1. Consider removing the Polyfill library entirely from the application’s dependencies.

2. Ensure that there are no references to malicious domains in the source code: (kuurza[.]com, googie-anaiytics[.]com, bootcss[.]com, macoms[.]lanewcrbpc[.]com, polyfill[.]io, bootcdn[.]net, staticfile[.]net, unionadjs[.]com, xhsbpza[.]com).

3. If Polyfill functionality is needed, consider using trustworthy alternatives.

4. Investigate potential incidents of attacks on your application users.

If the vulnerability was not found, we still recommend analyzing the source code of all projects, especially those not protected with the Wallarm platform.

Avatar of authorWallarm team
API SecurityWAAPIMPROVEMENT
10 months ago

Wallarm Node 4.10.7

An update to our filtering node is live. Node 4.10.7 is designed to support new features, and to address number of performance updates. 

This version of the Wallarm node includes updates for several NGINX versions. Full details are included in our updated documentation. 

Other key changes are:

  • API Specification Enforcement no longer requires manual NGINX configuration
  • Optimized OpenAPI data type detection by the API Discovery module

We have also updated documentation for our all-in-one installer including detailed information about migration from from DEB/RPM packages to AiO.

Avatar of authorWallarm team
11 months ago

Our Platform Detects CWE-598

We've added a new vulnerability to our platform. We now detect when an API supports GET requests with query parameters that expose sensitive data. This functionality works in concert with our existing sensitive data detection to specifically identify vulnerabilities described by CWE-598.


Key Benefits:

1. Enhanced Vulnerability Monitoring:

• Our advanced algorithms continuously monitor GET requests to identify any instances where sensitive data is inadvertently exposed in URLs.

• Real-time detection and vulnerability alerting to ensure immediate awareness and response to potential sensitive data exposure.

2. Comprehensive URL Analysis:

• We analyze all incoming traffic, focusing on identifying sensitive data within query parameters of requests.

• Pattern matching and sophisticated heuristics are employed to detect common sensitive data such as email addresses, names, passwords and other critical data.

Avatar of authorWallarm team
API Security
11 months ago

Enhanced API Abuse Security Profiles

We are thrilled to introduce new enhancements to our API Abuse Prevention capabilities, offering users greater control and precision in managing bot activity.

Users can now assign separate actions and sensitivity levels to specific types of bots. By moving away from the previous one-size-fits-all approach, you gain the flexibility to apply blocking mode against different bot types independently with minimal impact on legitimate traffic. The new Sensitivity levels replace the outdated Tolerance parameter and allow for more precise control of anomaly detection.

Additionally, you can now more effectively manage the scope for behavioral analysis. This includes the option to build behavior profiles across the entire application or within individual domains. This feature is particularly beneficial for users with multiple domains within a single application or without pre-configured applications.

These enhancements enable better identification of automated threats and minimize the risk of false positives, leading to improved security outcomes. API Abuse Prevention is available as part of the Advanced API Security subscription. You can learn more info about Wallarm bot managing capabilities and configuration options in our documentation.

Avatar of authorWallarm team
API SecurityWAAPIMPROVEMENT
11 months ago

Wallarm Node 4.10.6

Today we'd like to announce a new version of our filtering node. Node 4.10.6 is designed to support new features, but also includes a number of performance updates. 

The key features include:

  • Enhanced OpenAPI data type detection by the API Discovery module
  • Improved memory utilisation in long-lived gRPC connections
  • Added support for NGINX v1.26.0
  • Fixed compatibility issues with the Kong Gateway
  • Return proper non-zero exit codes during installation errors, addressing previous issues
  • Ability to test regular expressions intended for user-defined attack detectors

Full details are included in our updated documentation. 

Avatar of authorWallarm team