2 months ago
Improvements to API Attack Surface Management
We are excited to announce a new update to Wallarm’s latest innovation in API security— API Attack Surface Management. AASM is designed to help organizations effortlessly discover and protect their external API attack surface, identify missing WAF/WAAP solutions and mitigate API Leaks. AASM is an agentless solution, so no installation is required. You can get results in under 5 minutes. You can request access to the product at sales@wallarm.com, or if you have any questions, please contact support@wallarm.com.
Recent update:
In this update, we’ve released an API Details View (simply click on a hostname). This view allows you to see far more detail than before:
- API Specific Details: You can view specific details about APIs, such as API type, protocol, encryption, API gateways, security vendors, and more.
- API Gateway Detection: AASM now detects up to 15 API gateways, including Apigee, Mulesoft, Kong, WSO2, and more.
- WAF/WAAP Score Report: You can download the WAAP Score Evaluation report, which provides specific details about the types of attacks your WAF/WAAP can detect and its false-positive rates.
- Detection of WAAP solutions for each open port: It helps identify WAAP coverage gaps. For example, when the main port 443/TCP is protected with WAAP, but some additional ports, such as 8080/TCP, are not.
- AASM detects service fingerprinting: identifying software/version for each open port. Currency, it works only for ports, not for APIs. We plan to implement more functionality on API fingerprinting in the future.