Modern businesses are increasingly reliant on APIs. They are the building blocks facilitating data exchange and communication between disparate systems. Because of their prevalence and impor… Read More
Cloud Application and API Security | Wallarm Blog
lab.wallarm.com
Tags:
api gateways
severity cvss description
cve severity cvss
pci dss
security
api protection
public-facing web applications
web applications
management
ebpf
api security
apis
graphql
threat intelligence
backup enterprise manager
zero-day
query
docker
envoy
api firewall
server
vulnerable
openssh
zero-day vulnerabilities
docker daemon
crash
api security summit
json web keys
veeam backup enterprise
remote code execution
market
malicious javascript injection
gitlab
api threatstats™ report
supply chain
veeam
plugins
sql injection
router models
asus
report
vulnerability
polyfill.io
vulnerability
cve gitlab fixes
model
module exposes thousands
prestashop module exposes
Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Ly… Read More
Thank You Chicago!
Earlier this week we had the pleasure of hosting a regional API Security Summit in Chicago (well, actually in Lombard). These summits bring together the local cybersecu… Read More
GraphQL vs REST APIs
Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology th… Read More
Managing an organization’s attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions t… Read More
The Early Days: Basic Asset Management
While it was not yet called ASM, the concept of attack surface management began with basic asset management practices in the late 1990s and early… Read More
The Other Crowdstrike Outage
On July 19, 2024, a flawed update in CrowdStrike Falcon's channel file 291 led to a logic error that caused Windows systems to crash, resulting in widespread BSO… Read More
As we move through 2024, the Wallarm Research Team continues to monitor the evolving API vulnerability and threat landscape. Our latest Q2 ThreatStats™ Report reveals critical trends a… Read More
Summary
A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply… Read More
In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for… Read More
We're gearing up with some seriously cool stuff for Black Hat! But first, a little sneak peek - not just one, but TWO of Wallarm's open-source tools will be featured in the Arsenal showcase… Read More
Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features… Read More
Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on th… Read More
A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any use… Read More
SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers
PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offer… Read More
ASUS announces major Firmware Update
ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models.
Identified a… Read More
On March 31st, 2024, the Payment Card Industry Security Standards Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS) with the publication of its… Read More
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability… Read More
On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any us… Read More
Active Exploits target Check Point Security Gateway Zero-Day Information Disclosure flaw
Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that ha… Read More
Introduction
In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a cr… Read More
Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe.
According to a report by BleepingCompu… Read More
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product.
Our unwavering commitment to pioneer… Read More
A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000 w… Read More
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API a… Read More
Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Black Hat Asia 2024 conference in Singapore.
The open-source API Firewall by Wallarm is… Read More
A severe command injection vulnerability in the GlobalProtect Gateway feature of PAN-OS versions 10.2, 11.0, and 11.1 underscores the critical importance of API security in devices at the fr… Read More
APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that sta… Read More
Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step forward in its mis… Read More
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of custome… Read More
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know… Read More
Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs h… Read More
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users.
We live in an era domin… Read More
Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive secu… Read More
A Kickoff Discussion on Core Aspects of Avro & Protobuf
When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro a… Read More
Introduction to Digital Experience Monitoring: Illuminating the Basics
In an era governed by technology, the satisfaction of an end-user is of utmost importance. It has the power to stimulat… Read More
Unveiling the Enigma of Path Navigation: An Exhaustive Exploration and Insight
Path Navigation, often referred to as Folder Navigation, symbolizes a kind of security extraction point allowin… Read More
Understanding the Basics of GDPR Compliance
Within the sphere of cybersecurity, significant strides were made as the European Union (EU) introduced an innovative legislative tool called the… Read More
In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private s… Read More
Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of usi… Read More
Understanding the Basics of Secure Incident Response Plan
A proactive strategy for coping with digital dangers calls for a well-planned process that can neutralize and diminish the harmful a… Read More
Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year!
An attack type t… Read More
Deciphering the Cyber Invasion Terrain
We exist in an era deeply entrenched in digital dependence, where cyber invasions present significant risks for companies, government establishments… Read More
Introduction
On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server… Read More
An Intro to Kafka and RabbitMQ: The Masters of Messaging
In the realm of messaging systems, two names stand out: Kafka and RabbitMQ. These two powerhouses have become the go-to solutions for… Read More
The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It… Read More
Unraveling the Key Components of the Renowned OWASP Mobile Top 10 Index
The altruistic initiative, Open Network Application Defense Plan (ONADP), spearheads a cluster of operations in its mi… Read More
A Beginner's Guide to Understanding Protobuf & JSON
When you dive into the sphere of data serialization, you're likely to encounter two dominant players - Protobuf, the colloquial term fo… Read More
Understanding the Basics of Security Operations (SecOps)
SecOps represents the blending of cybersecurity proficiency with operational domains, forming a powerful bulwark. Its primary mission… Read More