Wallarm Launches API Attack Surface Management (AASM)

SAN FRANCISCO--(BUSINESS WIRE)--Wallarm, a leader in API and application security, is proud to announce its latest innovation: API Attack Surface Management (AASM). This groundbreaking agentless technology revolutionizes how organizations identify, analyze, and secure their entire API attack surface. Designed for effortless deployment, Wallarm AASM empowers organizations to discover all of their externally-facing APIs and web applications, identify where they are missing critical web application firewalls (WAF)/web application and API protection (WAAP) coverage, and mitigate API leaks.

API attacks are the primary target for web application exploits and are now one of the leading causes of data breaches. A typical enterprise has hundreds of APIs, yet their visibility and protection lags far behind other security initiatives. These organizations often don’t know where to get started, or they lack the visibility needed to assess whether their current WAAP/WAF solutions are capable of getting the job done. API security is hindered by manual security processes, and keeping track of and documenting APIs is challenging as projects scale with new endpoints, parameters and functionalities being added.

“Even though APIs are a well-known source of application vulnerabilities, and we’ve seen a more than 30% increase in API vulnerabilities in 2023 alone, too many organizations are operating without adequate detection and response capabilities. They either don’t know where to get started, or they mistakenly think that their current solutions have them protected, which is usually not the case,” says Ivan Novikov, co-founder and CEO of Wallarm. “And for organizations that do have API detection and response capabilities, they are often dependent on too many manual processes that are distributed between multiple tools. This is far too time-consuming for most security teams and leads to inefficient security operations, missed detections and unacceptably slow response times.”

Wallarm has officially launched its AASM solution, a cutting-edge platform engineered to empower organizations to rapidly and seamlessly address the growing challenge of API vulnerabilities without deploying agents / sensors with minimal effort. Wallarm AASM delivers valuable capabilities to help customers discover their external API Attack Surface, test its security, assess its risk and enable customizable remediation strategies. They include:

• Automated API Attack Surface Discovery that identifies all external hosts with their web apps and APIs, including specific API protocols (REST API, GraphQL, SOAP, XML-RPC and more).
• Scanning public repositories for leaked API secrets, including API keys, PII (usernames and passwords, authorization tokens (Bearer/JWT) and other targets).
• Identification of which API hosts are secured with WAFs and testing to identify which types of threats their WAFs can detect.

New users can enable AASM within minutes and Wallarm offers a free, 7-day trial to help organizations get started have instant access to API attack surface visibility and results. AASM is available at https://www.wallarm.com/product/aasm.

About Wallarm

Wallarm, the integrated App and API Security company, provides robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Wallarm is the preferred choice of hundreds of Security and DevOps teams for comprehensive discovery of web apps and API endpoints, protection against emerging threats throughout their API portfolio, and automated incident response to enhance risk management. Our platform supports modern tech stacks, offering dozens of deployment options in cloud and Kubernetes-based environments, and also provides a full cloud solution. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Сombinator, Partech, and other investors.