Private APIs at Risk: Q1-2023 API ThreatStats™ Report
According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big ... Read More
Find APIs Hiding in the Shadows
What’s hiding in the shadows? It’s a well understood reality that unmanaged IT assets tend to be unmonitored IT assets, and that both introduce risk. Whether it’s a forgotten about application, or an unmanaged cloud storage volume, you can’t protect what you don’t know about. Attackers thrive on this fact, ... Read More
ChatGPT: Friend or Foe? | API Security Newsletter
Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It – along with API Security – dominated the 2023 RSA Conference, and there’s plenty of digital ink being spilled on the topic. Be sure ... Read More
Connect with Wallarm at RSA 2023
We’re looking forward to seeing you at this year’s RSA Conference! Don’t forget to set up a meeting with our executives, as they would love to hear more about your team’s application security needs and chat with you about how Wallarm can help. Visit Us at Booth #6585 in the ... Read More
Changes in OWASP API Security Top-10 2023RC | API Security Newsletter
Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course ... Read More
Insights into the New OWASP API Security Top-10 for CISOs
ICYMI, we recently presented A CISOs Guide to the New 2023 OWASP API Security Update. In this first of two planned webinars, Stepan Ilyin and Tim Ebbers provided an overview of what’s in and what’s out in the planned update and had a lively discussion about how this impacts your ... Read More
2022 Year-End API ThreatStats™ Report
In 2022, the Wallarm Threat Research team went through almost 350,000 reports to find 650 API-specific vulnerabilities, and tracked 115 published exploits impacting these vulnerabilities – all of which could negatively impact your business risk posture. The 2022 Year-End API ThreatStats™ Report presents the analysis and discussion of 2022 API ... Read More
VMware NSX Manager vulnerabilities being actively exploited in the wild
The Wallarm Detect team has found exploit attempts in the wild of CVE-2022-31678 and CVE-2021-39144. The original vulnerabilities were found in VMware NSX Manager at the end of last year, and can lead to remote code execution (RCE) by pre-authenticated attackers. The CVE-2022-31678 vulnerability was found in VMware NSX Manager ... Read More
Q4-2022 API ThreatStats™ Report
We’re pleased to present the latest quarterly review and analysis of API vulnerabilities and exploits. This time, we’re going to split our discussion into two parts: today this quarterly review, and soon hereafter our year-in-review report. The Q4-2022 ThreatStats™ Report infographic is entitled “Mind the API Time-to-Exploit Gap” because we ... Read More
Learn from the T-Mobile API Breach to Improve Your API Security Program in 2023
A CISO’s job has never been more challenging. Engineering teams move fast, especially as organizations are accelerating their digital transformation efforts. The tech stack is exploding and varies greatly across the organization. And there is a surge of internal, external, and partner APIs. It’s T-Mobile in the headlines today, but ... Read More
