We're gearing up with some seriously cool stuff for Black Hat! But first, a little sneak peek - not just one, but TWO of Wallarm's open-source tools will be featured in the Arsenal showcase at Black Hat USA this year.

Black Hat Arsenal unites researchers and the open-source community to display their newest open-source tools and products, allowing presenters to engage directly with attendees. Its schedule is now live, so save the date to watch presentations of API Firewall and GoTestWAF.

Wallarm’s Open-source API Firewall: 1 Billion Downloads achieved! 

Interestingly, we introduced the API Firewall back in 2023 during the same Black Hat Arsenal showcase! Since then, the open-source API Firewall has undergone major enhancements, broadening its protective features to encompass GraphQL endpoints alongside its current support for REST APIs.

Functioning as a highly efficient intermediary, this API Firewall guarantees meticulous validation of API requests and responses, conforming to both OpenAPI and GraphQL schemas. It implements a positive security model that bolsters API security by permitting only the traffic that complies with a predefined API specification for requests and responses.

Functioning as a highly efficient intermediary, this API Firewall guarantees meticulous validation of API requests and responses, conforming to both OpenAPI and GraphQL schemas. It implements a positive security model that bolsters API security by permitting only the traffic that complies with a predefined API specification for requests and responses.

The key features of Wallarm's API Firewall are:

• Endpoint Security: Secure REST and GraphQL API endpoints by blocking non-compliant requests/responses
• Data Breach Prevention: Stop API data breaches by blocking malformed API responses
• Shadow API Discovery: Discover Shadow API endpoints
• Specification Adherence: Block attempts to use request/response parameters not specified in an OpenAPI specification
• Token Validation: Validate JWT access tokens and other OAuth 2.0 tokens using introspection endpoints
• Security Enhancements: Denylist compromised API tokens, keys, and cookies
• Wide Range Attacks Protection: The API Firewall supports ModSecurity Rules and OWASP Core RuleSet v3/v4

This open-source product is available on DockerHub and has achieved an impressive milestone of ONE BILLION downloads.

Wallarm’s GoTestWAF: In-depth Report Grading & Mapping

GoTestWAF is a now widely recognized open-source tool designed for assessing WAFs, WAAPs, and API Security products to validate their detection coverage and accuracy. GTW emulates diverse API attacks and evasion techniques to evaluate detection coverage and accuracy. 

GoTestWAF encompasses a broad range of attack vectors, evasion methods, and data encoding formats and conducts tests across multiple protocols, such as RESTful APIs, WebSocket communications, gRPC, and GraphQL.

GoTestWAF encompasses a broad range of attack vectors, evasion methods, and data encoding formats and conducts tests across multiple protocols, such as RESTful APIs, WebSocket communications, gRPC, and GraphQL.

The recently added features to the GoTestWAF are:

• Vendor Identification/Fingerprinting
• OWASP Core Rule Set Testing
• Regular Expressions for WAAP Response Analysis
• Cookie Handling
• Email Report Sending
• New Placeholders

The tools on display will be presented by Tim Erlin and Tracey Bernarth from the Wallarm team.

Cool Stickers. Hot API Security.

Do you like stickers? Who doesn’t? Check out Wallarm’s booth #3122, Black Hat’s one-stop-shop for the best API Security stickers.