Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)

API security
In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and was assigned the identifier CVE-2023-22518. In this blog, we delve into the details of this vulnerability, its implications, and the necessary mitigation steps to ... Read More

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude this ... Read More
2023 OWASP Top-10 Series: Spotlight on Injection

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To ... Read More
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs

Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, ... Read More
Unlocking Seamless API Security: Revenera’s Journey with Wallarm

API security
In today’s digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog post, we’ll dive into the experience of Rob Davies, VP of Engineering and Lead Architect at Revenera, as ... Read More

Mastering API Security: Learn the 3 Key Principles at Kong API Summit 2023

API security, Kong
In an era where APIs (Application Programming Interfaces) are the lifeblood of digital interactions, the need for robust API security has never been more critical. According to Gartner research, a staggering 90% of web-enabled applications are predicted to harbor vulnerabilities related to APIs. To help security practitioners overcome API security ... Read More
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the ... Read More
Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to ... Read More
2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact ... Read More
2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the ... Read More