Best of 2022: 16 Best DDOS Attack Tools in 2022

What are DDOS attack tools? DDOS attacks are cyber- attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated. Attackers have to carry out a long series of actions that involve social engineering, data breaches and sometimes even system ... Read More
Wallarm - The Evolution of API Security

Evolution of API Security – A Practical Guide to Addressing API Threats in 2023

| | API security
The kind of API security scenarios we witnessed today were never like this from the beginning of time.  It has gone to extra lengths to become responsive and productive as it’s now.  How was it in the beginning?  What changes has it faced?  What more can we expect in the ... Read More
GoTestWAF Demo

8 KB is not enough: why WAFs can’t protect APIs

| | API security
WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According to a report by Wallarm, many such vulnerabilities have critical severity, and 33% are immediately exploited. But companies ... Read More
uber hacked

How Uber was hacked in 2022

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others.  Most likely, Uber understood what had happened after this message was posted ... Read More
Digram of survey results

What’s most important for a CISO in API security?

| | API security
As threats to networks and systems have changed, so have CISOs’ priorities. API security has grown more important with everything as a service and in the cloud. Today’s CISOs must ensure they have a plan for protecting APIs. To learn what’s most crucial when protecting APIs, we surveyed CISOs and ... Read More
Wallarm API Security Platform Scheme

Integrating API Security and WAF into K8s Kong API Gateway

| | API security, waf
Article by Jiju Jacob, Director of Engineering at Revenera [This is an update of Mr. Jacobs’ 05/23 post in his Medium blog. He is a Director of Engineering at Revenera. Revenera, born as InstallShield and now a Flexera company, helps software and technology companies use open source solutions more effectively, ... Read More
JWT Injection screenshot

What are JWT Injections, and Why do You Need to Know About Them

| | API security, cyberattacks
JSON Web Tokens (JWTs for short) are the new standard for transmitting identity information in the digital age. JWTs are JSON objects that act as an identifier for your user or application. They’re used to authenticate users and securely transmit secrets as part of an API, application, or service. They ... Read More

Wallarm at Black Hat USA 2022

| | API security
Black Hat USA is celebrating its 25th anniversary, and Wallarm will be on hand for the festivities. If you’re headed to Vegas this year, we invite you to meet our crew and talk about API security. Tuesday (08/09) – Pre-Event Evening Party Join us on Tuesday 08/09 evening at the ... Read More
Vulnerabilities found in GitLab

GitLab Security Issues: Six Months of Vulnerabilities

Have you ever thought the most popular CI/CD platform – GitLab – may have security issues? In fact, it is inevitable with such a massive infrastructure. Don’t worry! The platform is still reasonably secure: it scores well over 700 on BitSight, monitors alerts in real-time, and addresses them instantly.  But ... Read More
API Vulnerabilities Report

API Vulnerabilities Jump Up 3.7x in Q2-2022

Since the beginning of 2022, the Wallarm security research team has been analyzing API vulnerabilities and exploits, and releasing quarterly reports. The Q1 report got a lot of attention and positive feedback from the cybersecurity community, as well as a few valuable ideas and suggestions. We included many of these ... Read More