
57% of Companies ALREADY BREACHED Through APIs (Your Company Is Probably Next) #apisecurity #api

82% of companies are going API-First in 2025. But here's the troubling fact: 57% of them have ALREADY been breached through APIs. Why? Because they're going API-first without a solid API security strategy. It's like buying a sports car and forgetting the insurance. Organizations are racing toward digital transformation while threat actors simply walk through the open door. Threat actors love it when you're API-first without a good security program. It makes their job easier.

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset. Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real signals, and learn exactly how to defend API environments when it counts. Here are the 7 reasons you should register.

Bots vs. Barcodes: The Resource Quota Failure. #ticketmaster #bla #ratelimiting #businesslogic

The infamous Ticketmaster case highlights BLA 1: Resource Quota Violation. Attackers used bots for mass purchasing and employed ingenious evasion: they reverse-engineered the barcoding logic to rotate and authenticate tokens, bypassing security controls. The core failure? Flawed rate limiting and business-logic expiration. You must protect your inventory and your purchasing flows as if they were financial assets.

CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate

Lefteris Tzelepis, CISO at Steelmet / Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a practitioner’s mindset to leadership and incident response.

The Easiest Way to Get Hacked: Open Introspection. #graphql #businesslogic #apisecurity #rbi

The RBI incident (Burger King, Tim Hortons) proves that BLA often results from a cascade of simple flaws, not one complex attack. The key mistake: GraphQL introspection was enabled. This gave the attacker the full API blueprint, the map needed to find the open registration validation flaw and execute a massive data leak. Action Item: If you have GraphQL, check your production settings now. Disable introspection. Don't hand the attacker the map to your castle!

If You Can't Block It, You Don't Secure It. #mitigation #cyberdefense #apisecurity #blocking

Detection is information; blocking is mitigation. For Business Logic Abuse, simple detection alerts are not enough. Your tools must be able to actively block those manipulative, stateful attacks in real time. Furthermore: stop "one-and-done" security testing! You must continuously tune your testing by adopting an adversary's perspective. Tune your defense as constantly as attackers tune their exploits.

CISO Guide: 3 Steps to Stop Business Logic Abuse in Design #ciso #businesslogic #apisecurity

Fixing Business Logic Abuse starts at the whiteboard, long before code is written. Here is the three-step defense: (1) Map Critical Workflows: visualize data flows and state transitions for all high-value features. (2) Implement Adversary Emulation: integrate the hacker's mindset into your process to find flaws early. (3) Test Constantly: refine and re-test the logic at every phase of the CI/CD pipeline.

2026 API and AI Security Predictions: What Experts Expect in the Year Ahead

This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding you with just our own predictions, we’ve decided to cast the net far and wide. We’ve spoken to cybersecurity experts from around the world to answer what’s, for us, the most pressing question of all.

CISO Workshop on API Threat Modeling: How to Use STRIDE to Predict, Prevent, and Protect

Threat modeling is a critical function for effective cybersecurity, and threat models must adapt to emerging threats. As API deployments grow across organizations, cybersecurity teams need to extend their threat modeling to include the API attack surface. In this webinar, we'll examine threat modeling best practices for APIs, focusing on the STRIDE methodology. Attendees will learn.