To strengthen defenses against resource exhaustion and abuse, Wallarm has released two new mitigation controls specifically addressing "OWASP API4:2023 – Unrestricted Resource Consumption" threats.

📁 File Upload Restriction Policy 

This real-time node-side mitigation allows you to block oversized or maliciously crafted requests before they reach your app.

Two configuration options provide flexibility:

• Maximum Total Request Size – limit the full request, including headers, body, and parameters
  
  
• Maximum Size per Parameter – restrict specific fields such as JSON parameters, Multipart parameters, headers. etc.

This control is effective across all content types (e.g., POST-multipart, PUT, JSON with base64) and helps prevent denial-of-service, memory exhaustion, and CVE exploitation through size abuse.

Included in API Security and WAAP subscriptions with Node ≥ 6.3.0

🌐 Unrestricted Resource Consumption Detection

Part of the API Abuse detection module, this cloud-based control detects excessive and abnormal resource usage that may degrade system performance, even in the absence of traditional attack signatures.

Common attack scenarios include:

• Sending large requests to overload memory or bandwidth
  
  
• Triggering heavy operations (e.g., complex database queries) to slow down the server
  
  
• Downloading massive responses to consume outbound traffic (scraping) or exfiltrate data

Included in Advanced API Security (API Abuse module) with Node ≥ 6.3.0

🔍 Feature Comparison

✅ Full-Spectrum Protection for API4:2023

These two new controls, alongside Wallarm’s existing threat mitigation and behavioral detection capabilities, form a robust and layered defense against all known vectors of OWASP API4 Unrestricted Resource Consumption. 

In order to streamline the vulnerability management process and allow users to focus on actionable data, API Attack Surface Management (AASM) now automates the evaluation and updating of discovered Security Issues after each scan. Here’s how it works:

• After every scan, AASM compares the new scan results with the current state of each Security Issue.
• If the scan job completes successfully and changes are detected in the findings, the relevant Security Issue may be automatically closed or reopened.
• Each status update is logged in the Status History of the Security Issue.
• A comment is added to explain the reason for the change.

Possible closure reasons include:

• Port not found during last scan — the previously open port is now closed.
• Network service has changed — e.g., the service on the port changed, for example from SSH to HTTP.
• New version of the product detected — indicating a product upgrade.
• Vulnerable version no longer present — the outdated component has been removed
• Vulnerability not detected during last scan — the issue is no longer observable.

This feature automates and simplifies vulnerability management by updating issue statuses based on scan results, reducing manual effort and ensuring accurate, real-time tracking of security risks.

Additional information is available in the documentation. 

We’ve added a new enhancement to the Nodes page to give you visibility into your traffic trends.

Until now, users have had visibility into total volume of traffic and traffic by application. With this enhancement, users can view traffic by node as well. 

For each specific Node instance on the "Nodes" page, the detail view now shows a chart of daily request volume. Users can adjust the time range to explore how much traffic each Node handled over a specific period of time. This increased visibility provides greater transparency into node utilization and faster troubleshooting of node issues. 

We are excited to announce significant improvements to our API Sessions user experience, designed to help you find important API session details faster and more efficiently.

The following enhancements are now available:

• Performance Improvements: Faster loading times for sessions, eliminating waits for large datasets.
• Exclusion Filters: Filter API sessions with both included and excluded criteria.
• Sortable Columns: Sorting by date and number of requests is now supported.
• Separated Sections in Session Details: Improved data visibility with icons and highlights, making it easier to locate specific information.
• Collapsable Sections: Hide less frequently used data until needed, streamlining your view.
• Intelligent Linking: Navigate quickly between session details with intuitive linking.
• Attack Details Display: View detected attacks and attack details directly within the API sessions interface.

For more details, check out the documentation or see the demo data in the Wallarm Playground. 

We’re excited to introduce a major upgrade to how scans are configured in API Attack Surface Management (AASM). We’ve improved the user experience to deliver more flexibility, precision, and alignment with your unique API security needs.

You can now granularly define your scan scope, allowing for more targeted and accurate results. With this update, you’ll be able to cut through the noise and focus on what matters most.

Here’s what’s new:

• Bulk Import of Root Domains: Quickly onboard your assets by importing multiple domains at once.
• Expanded Scope Definition: Add additional hosts to ensure comprehensive coverage of your environments.
• Advanced Scheduler Control:
  • Turn on/off the auto-rescan scheduler per domain.
  • Globally manage the scan schedule (weekly, bi-weekly, or monthly).
  • Global scheduler settings override domain-level preferences for consistency.
• Scanning Profiles: Choose from pre-defined scanning profiles or create your own to match your risk posture.
• Modular Control: Enable or disable specific scanning modules as part of your scheduled scans.
  
  

These enhancements are built to help you minimize noise, sharpen findings, and focus your efforts where they matter most.

Start refining your scan scope now to take full advantage of the improved accuracy and control.

Wallarm is excited to announce a native integration method for customers who leverage IBM DataPower as their API Gateway or edge enforcement point.

The integration offers:

🔧 Simplified Deployment – No need for traffic mirroring or custom forwarding logic

🕒 Accelerated Time-to-Value – Get up and running with security coverage in just a few hours

🔐 Enhanced Security Posture – Detect and mitigate threats directly at the API ingress point

You can now forward API traffic from IBM DataPower to a Wallarm node with minimal manual steps. To get started, follow our step-by-step integration guide for detailed instructions.

• Improved local data analytics: Node 6.0 replaces the Tarantool service used in the post-analytics component with a Wallarm-developed Wstore service.
• Greater code consistency: Node 6.0 replaces a number of Python components with Golang equivalents to improve performance and supportability.
• Smaller operational profile: Node 6.0 reorganizes a number of components to decrease the size of Wallarm artifacts.

On March 24th a critical remote code execution vulnerability (CVE-2025-1974) in Ingress-NGINX was disclosed. After investigating the issue, Wallarm has determined that the vulnerability affects customers using the Wallarm NGINX Ingress Controller Helm chart. Wallarm has now published an updated NGINX Ingress Helm chart, version 5.3.11, to address the vulnerability. 

We strongly recommend all Wallarm NGINX Ingress Controller Helm chart users upgrade to version 5.3.11 as soon as possible to ensure their environments remain secure. If you have any questions, please reach out to Wallarm support. 

We’re happy to announce that the Download Reports feature is now available in API Attack Surface Management. Users can download reports of the discovered APIs, scanned perimeter, WAF testing, vulnerabilities and much more. 🚀

Users can now export data in three different report formats:

1. DOCX Report: Provides detailed insights into both the Attack Surface and Security Issues. It now includes filtering options to select which risk levels of security issues are included.
2. CSV Reports: Export Attack Surface data in a tabular format, grouped by:

• Hosts
• Ports
• APIs

1. JSON Report: Machine-readable format for easy integration and automation.

Start exploring these new capabilities today and provide your feedback! 🎉

We are thrilled to announce the biggest update yet to the Wallarm API Attack Surface Management (AASM) platform, along with the General Availability of our API Vulnerability Scanner! 

Enhanced Vulnerability Detection

AASM now detects approximately 2,500 of the most widespread vulnerabilities affecting APIs, and it now scans for outdated versions of software across web servers, frameworks, libraries, CMS platforms, plugins, programming languages, network services, and API gateways. Users can see the expanded set of vulnerabilities discovered in the Security Issues section of AASM.

Vulnerability Intelligence Enrichment

We’ve integrated powerful Vulnerability Intelligence sources to provide deeper insights into detected vulnerabilities, including:

• Public exploit availability 🛠️
• In-the-wild exploitation 🌍
• Use in ransomware campaigns ☠️
• Exploit Prediction Scoring System (EPSS) ranking 🎯

AI-Powered CVE Classification

AASM now leverages AI and OpenAI's LLM to automatically classify detected CVEs, helping security teams prioritize and respond more effectively.

New Charts, New Security Insights

Understanding vulnerability trends over time is critical. AASM now provides two dynamic charts to enhance your security analysis:

• Historical Risk Analysis: Tracks monthly vulnerability trends based on risk levels, helping teams measure progress.
• Resolution Risk Analysis: Evaluates the efficiency of vulnerability management by visualizing how quickly issues are resolved over time.

Improved Reporting with CSV/JSON Export

Users can now download detailed security reports in CSV or JSON formats, choosing to export all issues or only filtered ones. 

Additional Enhancements Released in Jan-Feb:

• Upgraded from a 3-level to a 5-level risk model for better prioritization.
• Multi-select filters on AASM and Security Issues pages.
• Auto-reopening vulnerabilities if they are detected again.
• Security Posture widget updates with enhanced vulnerability statistics.

For more details, visit our documentation.