One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
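The newly discovered remote code execution vulnerability CVE-2025-24813 abuses the default session mechanism of Apache Tomcat servers: a simple PUT request uploads a malicious serialized file and triggers deserialization, giving full control. Traditional WAFs struggle to detect this attack, whereas Wallarm can defend against it effectively through real-time decoding and deep analysis....
2025-3-14 03:38:0 | Views: 10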
Wallarm Blog - lab.wallarm.com
security
malicious
attacker
wallarm
wafs
API Specifications: Why, When, and How to Enforce Them
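The article explains the importance and role of API specifications. An API specification defines an API's structure and behavior, including request methods, data formats, authentication mechanisms, and error handling. Following these specifications ensures API consistency, security, maintainability, and interoperability. The article also details how to implement and maintain API specifications, and mentions the OpenAPI Specification as a common example....
2025-3-4 13:0:45 | Views: 2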
Wallarm Blog - lab.wallarm.com
security
developers
wallarm
enforce
API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
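After suffering a $1.5 billion cryptocurrency theft, Bybit used an API to create a "blacklist" that tracks suspicious wallet addresses, and launched a bounty program to encourage security experts to collaborate in intercepting the funds. This innovative move demonstrates the key role of APIs in modern cybersecurity....
2025-2-28 14:13:9 | Views: 5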
Wallarm Blog - lab.wallarm.com
bybit
security
threats
funds
DORA: Strengthening Digital Resilience Through API Security
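The article introduces the EU's Digital Operational Resilience Act (DORA), which aims to strengthen the IT security and operational resilience of financial institutions. The regulation requires institutions to manage ICT risk, carry out incident reporting and resilience testing, and oversee third-party service providers. The article stresses the importance of API security for compliance and describes how Wallarm helps institutions meet these goals....
2025-2-20 11:51:37 | Views: 13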
Wallarm Blog - lab.wallarm.com
dora
security
ict
resilience
wallarm
Overcoming Security Challenges in Real-Time APIs
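Real-time APIs achieve low-latency data exchange through efficient protocols and are widely used in areas such as live chat and financial trading. However, their persistent connections and high data throughput expose them to security risks such as improper access control and injection attacks. Measures such as strong authentication, input validation, and real-time threat monitoring can effectively reduce these risks....
2025-2-14 13:17:11 | Views: 5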
Wallarm Blog - lab.wallarm.com
security
attackers
wallarm
AI Security is API Security: What CISOs and CIOs Need to Know
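The article notes that as artificial intelligence (AI) becomes widespread, APIs (application programming interfaces) have become a new primary attack target. Research shows that AI-related API vulnerabilities surged by 1025%, and issues such as insecure authentication, memory corruption risks, and exposure to external threats are increasingly prominent. 2024 confirmed APIs as a primary attack vector. To meet these challenges, organizations need to prioritize API security, with measures including discovering and managing shadow APIs, strengthening authentication and access control, and embedded security testing. Only by proactively addressing these challenges can they ensure that AI-driven innovation does not come at the expense of security....
2025-2-7 18:40:37 | Views: 9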
Wallarm Blog - lab.wallarm.com
security
attackers
cisos
cios
Threat Replay Testing: Turning Attackers into Pen Testers
In war, as Sun Tzu taught us, the better you understand your enemy’s tactics (and yourself),...
2025-2-3 09:15:41 | Views: 5
Wallarm Blog - lab.wallarm.com
security
trt
attackers
replay
Analyzing DeepSeek’s System Prompt: Jailbreaking Generative AI
DeepSeek, a disruptive new AI model from China, has shaken the market, sparking both excitemen...
2025-1-31 15:54:19 | Views: 7
Wallarm Blog - lab.wallarm.com
deepseek
security
openai
jailbreak
ethical
API Security Is At the Center of OpenAI vs. DeepSeek Allegations
With a high-stakes battle between OpenAI and its alleged Chinese rival, DeepSeek, API security...
2025-1-29 19:2:10 | Views: 6
Wallarm Blog - lab.wallarm.com
openai
security
wallarm
deepseek
scraping
API Security’s Role in Responsible AI Deployment
By now, you will almost certainly be aware of the transformative impact artificial intelligen...
2025-1-21 09:28:38 | Views: 29
Wallarm Blog - lab.wallarm.com
security
threats
encryption
Considerations for Selecting the Best API Authentication Option
Implementing API authentication is one of the most critical stages of API design and developm...
2025-1-20 07:7:14 | Views: 15
Wallarm Blog - lab.wallarm.com
jwts
security
client
expiration
Effective API Throttling for Enhanced API Security
APIs are the backbone of modern digital ecosystems, but their misuse can expose systems to cy...
2025-1-8 13:47:15 | Views: 18
Wallarm Blog - lab.wallarm.com
throttling
security
limiting
ensuring
wallarm
Top Open Source API Security Tools
The modern world relies on Application Programming Interfaces (APIs). They allow applications...
2024-12-23 10:13:1 | Views: 16
Wallarm Blog - lab.wallarm.com
security
gotestwaf
cloud
threats
Top Tool Capabilities to Prevent AI-Powered Attacks
Recent advances in AI technologies have granted organizations and individuals alike unprecede...
2024-12-11 22:19:57 | Views: 15
Wallarm Blog - lab.wallarm.com
identify
deepfake
security
phishing
Protecting Against Bot-Enabled API Abuse
APIs have become the backbone of modern digital ecosystems, powering everything from mobile a...
2024-12-4 21:19:15 | Views: 16
Wallarm Blog - lab.wallarm.com
scraping
security
wallarm
bots
attackers
How Is API Abuse Different from Web Application Attacks by Bots?
API abuse and web application bot attacks are often confused. This is understandable, as both...
2024-11-27 21:6:57 | Views: 15
Wallarm Blog - lab.wallarm.com
wallarm
security
attackers
bots
Taming API Sprawl: Best Practices for API Discovery and Management
APIs are the backbone of interconnected applications, enabling organizations to innovate, int...
2024-11-18 17:38:58 | Views: 13
Wallarm Blog - lab.wallarm.com
sprawl
security
wallarm
development
operational
Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk
There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatSt...
2024-11-13 23:23:44 | Views: 15
Wallarm Blog - lab.wallarm.com
security
wallarm
stackhawk
proactive
development
Context is King: Using API Sessions for Security Context
There’s no doubt that API security is a hot topic these days. The continued growth in API-rel...
2024-11-13 03:9:10 | Views: 17
Wallarm Blog - lab.wallarm.com
security
threats
wallarm
malicious
orders
The Hidden Costs of API Breaches: Quantifying the Long-Term Business Impact
API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen...
2024-11-11 18:52:37 | Views: 21
Wallarm Blog - lab.wallarm.com
security
costs
regulatory
impacts
attackers