At RSA Conference 2020, Wallarm released an expanded set of parsers, detection of API-specific vulnerabilities and API schema analysis for gRPC and GraphQL.
With Wallarm context-specific protection is delivered both for externally-facing APIs and for service-to-service internal APIs for a true zero trust use case.
“More than half of our customers are actively moving to the cloud-native stack. For them support for gRPC and GraphQL is not just a “nice-to-have”, but a strong requirement for all the security solutions, including WAF and DAST. Wallarm is stepping up to provide just that. We consistently follow all the modern application stacks, from serverless and WebSockets to Kubernetes-native, Envoy proxy, and now, gRPC and GraphQL as well”, said Ivan Novikov, CEO of Wallarm.
What is gRPC?
gRPC is an open-source high-performance RPC framework. It originated from a general-purpose RPC infrastructure called Stubby developed by Google. The objective was to connect a large number of microservices running within and across Google data centers. In addition to efficient connectivity, pluggable support for load balancing and security features contribute to its popularity. It is also applicable for the last mile of computing (mobile, web backend and IOT). It is also commonly used with Envoy proxy.
Core Features of the protocol:
- Client libraries in 10 programming languages
- Simplified service definition and high efficiency on the wire
- Bi-directional http/2 based transport with streaming support
- Use of binary protocol buffers for transmission efficiency
Wallarm streaming mode detection and specialized parsers allow Wallarm to detect vulnerabilities with near-zero latency which is required by gRPC. Further, protection is delivered without manually uploading the protocol buffer schema, which means it keeps up the protection even as the API schema changes.
What is GraphQL?
GraphQL is an alternative to the REST concept that allows working with the data in a more structured and object-oriented way. It’s based on JSON-encoded HTTP requests with custom queries inside.
Wallarm’s own definition of GraphQL is a meta-layer with built-in query language to access object-oriented data. Unlike the REST protocol, URL itself doesn’t contain data. This technology is widely used by many enterprise companies such as Facebook, Walmart, and Intuit. Many tools and frameworks you such as GitLab, New Relic, and WordPress use GraphQL also rely on GraphQL under the covers.
Wallarm implemented native JSON parser and specific rules to block GraphQL attacks. As a result, it’s possible now to block introspection queries and all the OWASP Top-10 attacks in the “variables” GraphQL parameters encoded as JSON.
As a result, when the next GitLab, WordPress, or other GraphQL-encoded vulnerability will be discovered, all the Wallarm customers will be protected automatically.