Wallarm API Security Wallarm updates logo

Wallarm updates

Discover the latest features, improvements, and updates in Wallarm API Security

Subscribe to Updates

Labels

  • All Posts
  • API Security
  • WAAP
  • ANNOUNCEMENT
  • IMPROVEMENT
  • FIX
  • FAST

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • August 2021
  • April 2021
  • March 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • December 2019
  • October 2019
  • August 2019
  • April 2019
FAST
4 years ago

Simple Authentication Mechanism in FAST

saml-sso.png

A frequently asked question from customers is, "Why didn't FAST find a vulnerability when it definitely exists in the application?" We began to explore the logs and look for the reasons for this behavior. In most cases, the answer is simple: FAST failed to path authentication.

And we took the first steps in solving this problem.

The first move was to highlight the problems of authentication themselves. Now, the Wallarm Console displays the new "Auth failed" status if FAST was unable to test due to an authentication error.

The second move was to add a simple authentication method. What does that mean? Now, you can provide the FAST node with the test client credentials and specify the query parameters they need to substitute. These credentials will be used when executing test queries. Such a mechanism will avoid the use of an expired token, QA credentials, etc.

Read more about the FAST authentication process on our docs portal

Avatar of authorWallarm team
FAST
5 years ago

Support of Parallel CI Pipelines

878-a8ecee7cd85211adaaaf06a20336a4dc2359e819.png

We are continuing to simplify security testing automation in your CI/CD pipelines. Many users have requested to have FAST work with several CI pipelines simultaneously. We’re glad to announce that such support was added in the latest version of FAST.

You no longer need to run multiple instances of the FAST node for each CI pipeline. Instead, the only instance of the FAST node can now be used in multiple pipelines. It greatly simplifies tool deployment and makes the whole testing architecture more elegant.

Just specify an additional parameter BUILD_ID in the configuration of your project in the CI/CD system. For example if you work in Jenkins, add -e BUILD_ID = $ {env.BUILD_ID} into the command that launches FAST.

The parameter should be unique for each build so that the FAST node can associate any given requests with the necessary Test Run. Note that support for parallel pipelines works with both modes: recording baselines and running security tests.

Don’t have FAST but want to try it out? Send us a note!

Avatar of authorWallarm team
FAST
5 years ago

Get tests finished faster by disabling scanning of static files

We released an important FAST update. You can now disable any tests for the static files and with that significantly improve test performance.

Traffic of automated tests and manual testing of QA engineers typically contains HTTP requests to the static files (such as images, js, CSS). By default, FAST records baselines for all the requests and for the static files too. Most often, running tests against static files doesn't make sense. So skipping these tests can give you speed boost and allow testing to finish much faster.

In the TestRun settings, you can now enable option "Skip following files extensions" and choose which files to consider as static. They be excluded for the further testing.

fast-skip-static-files-en.png


Avatar of authorWallarm team
FAST
5 years ago

Rerunning existing security tests

The vital part of FAST's philosophy is making security testing automation easier, especially within CI/CD pipelines. It'll be simpler with the new feature — Reuse Test Record.

You can now rerun existing security tests that you created earlier, without recording a new Test Record. It may be especially convenient when the methods and variables of your API haven't changed, and it doesn't make sense to record new test baselines. You can just run the Test Run using the existing Test Record. For instance, after the new build of the application.

In FAST Console, you can try the action "Create similar Test Run". Note: you can reuse only Test Records that have more than one baseline and are not in Recording state.

Avatar of authorWallarm team