The (winter) solstice is fast approaching, along with the end-of-year holidays – before we know it, it’ll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API Risk Scoring, and full OWASP API Security Top-10 coverage. Read on for this month’s bit o’ honey.
I’ve been playing around with the new ChatGPT tool. It’s an interesting (and fun) capability – for instance, see this thread from the inestimable Brian Krebs, which demonstrates both the silly (e.g., the data breach notification) and the more scary (e.g., the watering hole attack).
There are obvious implications of AI for both attackers and defenders, and I predict we’ll be hearing a lot more about it even after the novelty wears off – new payload ideas, new & expanded fuzzing ideas, new approaches to searching for known issues such as WAF bypasses, and much more.
Just look at how good it is in API security already:
As a pioneer in cyber AI, we know how hard it is to get results like that. If you are interested in our early AI research, take a look at my 2017 NeuralFuzz presentation on AI-fuzzing (PDF) and my 2019 BSidesSF presentation on WallNet, an AI-based false positive tuning approach.
On a completely different note, just before Thanksgiving we decided to move the API Security Community from a group to a page format. This will allow users to share content while avoiding noisy group messages from marketing and sales folks (shame on them!). From now on, all new posts about #apisecurity exploits and updates will be published on the API ThreatStats LinkedIn page. Join us!
Finally, I’ll close with our monthly poll. First, last month we asked about integrating API security into your SOC – it looks like a vast majority of you are doing so:
And we’d love to have you weigh in on the next LinkedIn poll we’re conducting: How mature is your DevSecOps process? Please let us know where you stand on this – connect with me or follow us at Wallarm to register your vote.
Thanks, and have a great December!
– Ivan, CEO & Co-Founder, Wallarm
PS – Congratulations to Wallarm advisor Frank Kim, who recently joined YL Ventures as their new full-time CISO-in-Residence!
Wallarm customers are protected from known attacks against these vulnerabilities. However, we recommend that you assess your portfolio for exposure to these vulnerabilities, apply updates where possible, and monitor for further incidents.
Wallarm is excited to announce several additions to the executive leadership team to help guide our strategic growth in the API security market, which according to Forrester is a top-5 priority for 2023 cybersecurity investment.
Some of the new and improved features and capabilities coming in December:
Talk with your customer support engineer or your account manager about enabling these capabilities in your instance.
Did You Know? You can subscribe to our update announcements to keep up-to-date with the latest product news.
Webinar [2023-Jan-05] — Wallarm Platform Democast: What’s New
Join us for a live, interactive product demo of Wallarm on January 5, where you can learn more about the key components of the platform and recent feature enhancements.
Past:
Webinar [on-demand] — Q3 API ThreatStats Report: DevOps Tools Under Attack
Listen to our discussion of the results of the Wallarm Research team’s extensive analysis of published API vulnerabilities and exploits for Q3-2022.
Webinar [on-demand] — Wallarm + Kong: Better Together
Listen to this recorded webinar with Andrew Kew from Kong and Tim Ebbers from Wallarm, where they discuss a real-world customer deployment of the joint solution with Jiju Jacob, Director of Engineering at Revenera.
Wow! You read all the way to the bottom of this newsletter?!? Clearly we did something right, so please let us know what you liked (or didn’t) at [email protected]. If we did a really great job and you’re interested in learning more about API Security and Wallarm, we’d love to show you a demo of our platform, or you can trial it yourself.
Where APIs meet apis
And now for something completely different. Since the theme of The APIary newsletter is based on hardworking & industrious bees, we thought we’d share this bee-meme with you. This month’s image comes courtesy of DALL-E, using the prompt: an oil painting by Wassily Kandinsky of a bee in a santa hat. Enjoy!