Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Open Source Projects

Wallarm engineering and research teams continuously contributed to the community by releasing research, data and open-source tools that can be used as fundamental pieces in building API and product security toolchains of the modern enterprises.

API Firewall

API Firewall is a light-weight open-source firewall designed to protect your API endpoints in cloud-native environments with API Schema validation. API Firewall relies on a positive security model allowing calls that match predefined API specs, while rejecting everything else. Technically, API Firewall is a reverse proxy with a built-in OpenAPI v3 request and response validator, written in Go, and optimized for extreme performance and near-zero added latency. First introduced in 2021, it has already amassed 1B+ pulls from Docker Hub.


GoTestWAF is an open-source API and OWASP attack simulation tool that evaluates web application security solutions, such as API security proxies, Web Application Firewalls (WAFs), Intrusion Protection Systems (IPS), API Gateways, and others. It supports different types of attacks and a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. Shipped as a Docker container, it produces a detailed PDF report showing existing security solutions performance. There is also the online version of the tool.

libDetection Library

Libdetection provides a signature-free detection of payloads by implementing a syntax analysis and universal grammar theory. First introduced as a research project at Black Hat, this open-source library can be used to detect injections and command attacks such as SQLi and more – all without any signature or attack samples.

JWT Heartbreaker

JWT Heartbreaker is a Burp extension designed to find thousands of weak secrets automatically. This extension will automatically find JWT tokens in all the proxied HTTP requests and check for any secrets weaknesses. The extension is available under a GPL license, which is based on the extension JSON Web Tokens (JWT4B).

OWASP Top-10 2022 Proposal

Wallarm supports OWASP and other organizations which have a big impact in the software security space. Wallarm has provided ideas on how a statistical approach can be used to build the OWASP Top-10 list. This repository includes code, data and calculation methodology. This analysis and recommendation is based on 4,640,807 public security reports and bulletins from more than 125 sources, including HackerOne bug bounty reports, CVE, NVD, and exploits collections.


WallNet is an open-source bidirectional recurrent neural network with attention mechanism, pooling layers, and pipeline for Structured Query Language injection (SQLi) detection. It was developed using TensorFlow 1.11 and Python 3.6, and is designed to reduce false positives which negatively impact DevSecOps workload and efficiency. It was demonstrated at BSideSF, during which the application of this methodology was illustrated and the implementation of AI-based false-positive detection for SQL injection attacks was detailed.

Organizations We Sponsor

Want more? Here are some supplemental material to learn more about Wallarm API Discovery.

Open Source Initiative Logo
We’re Supporting Member of the Open Source Initiative
We’re a sponsor of The Open Worldwide Application Security Project (OWASP)
Cloud Native Computing Foundation Logo
We’re a Silver Member
of the CNCF

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.