Register for 09/13 webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Open Source Projects

Wallarm engineering and research teams continuously contribute to the community by releasing research, data, and open-source tools that can serve as fundamental pieces in building the API and product security toolchains of modern enterprises.

API Firewall

API Firewall is a lightweight open-source firewall designed to protect your API endpoints in cloud-native environments with API schema validation. API Firewall relies on a positive security model, allowing calls that match predefined API specs while rejecting everything else. Technically, API Firewall is a reverse proxy with a built-in OpenAPI v3 request and response validator, written in Go and optimized for extreme performance and near-zero added latency. First introduced in 2021, it has already amassed 1B+ pulls from Docker Hub.

GoTestWAF

GoTestWAF is an open-source API and OWASP attack simulation tool that evaluates web application security solutions, such as API security proxies, Web Application Firewalls (WAFs), Intrusion Protection Systems (IPS), API Gateways, and others. It supports different types of attacks and a wide range of API protocols, including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. Shipped as a Docker container, it produces a detailed PDF report showing how existing security solutions perform. An online version of the tool is also available.

libDetection Library

Libdetection provides signature-free detection of payloads by implementing syntax analysis and universal grammar theory. First introduced as a research project at Black Hat, this open-source library can be used to detect injections and command attacks such as SQLi and more, all without any signatures or attack samples.

JWT Heartbreaker

JWT Heartbreaker is a Burp extension designed to find thousands of weak secrets automatically. It finds JWT tokens in all proxied HTTP requests and checks them for weak secrets. The extension, which is based on the JSON Web Tokens (JWT4B) extension, is available under a GPL license.

OWASP Top-10 2022 Proposal

Wallarm supports OWASP and other organizations that have a big impact on the software security space. Wallarm has provided ideas on how a statistical approach can be used to build the OWASP Top-10 list. This repository includes code, data, and calculation methodology. The analysis and recommendation are based on 4,640,807 public security reports and bulletins from more than 125 sources, including HackerOne bug bounty reports, CVE, NVD, and exploit collections.

WallNet

WallNet is an open-source bidirectional recurrent neural network with an attention mechanism, pooling layers, and a pipeline for Structured Query Language injection (SQLi) detection. It was developed using TensorFlow 1.11 and Python 3.6, and is designed to reduce false positives, which negatively impact DevSecOps workload and efficiency. It was demonstrated at BSidesSF, where the application of this methodology was illustrated and the implementation of AI-based false-positive detection for SQL injection attacks was detailed.

Organizations We Sponsor

Want more? Here is some supplemental material to learn more about Wallarm API Discovery.

We’re a Supporting Member of the Open Source Initiative
We’re a sponsor of The Open Worldwide Application Security Project (OWASP)
We’re a Silver Member of the CNCF
