Wallarm Advances API Security with Native Support for gRPC and GraphQL

Share Article

The Latest Release Features Protocol Parsers and Native Protection for the latest Data-Centric and Container-specific APIs

API security diagram

Wallarm Advanced API protection

More than half of our customers are actively moving to the cloud-native stack. For them, support for gRPC and GraphQL is not just a 'nice-to-have,' but a strong requirement for all the security solutions, including WAF and DAST.

From RSA 2020, Wallarm has released an expanded set of parsers, detection of API-specific attacks and API schema analysis for gRPC and GraphQL. With Wallarm context-specific protection is delivered both for externally-facing APIs and for service-to-service internal APIs for a true zero-trust use case.

“More than half of our customers are actively moving to the cloud-native stack. For them, support for gRPC and GraphQL is not just a 'nice-to-have,' but a strong requirement for all the security solutions, including WAF and DAST. Wallarm is stepping up to provide just that. We consistently follow all the modern application stacks, from serverless and WebSockets to Kubernetes-native, Envoy proxy, and now, gRPC and GraphQL as well,” said Ivan Novikov, CEO of Wallarm.

What is gRPC?
gRPC is an open-source high-performance RPC framework. It originated from a general-purpose RPC infrastructure called Stubby developed by Google. The objective was to connect a large number of microservices running within and across Google data centers. In addition to efficient connectivity, pluggable support for load balancing and security features contribute to its popularity. It is also applicable for the last mile of computing (mobile, web backend and IOT). It is also commonly used with Envoy proxy.

Core Features of the protocol:
Client libraries in 10 programming languages
Simplified service definition and high efficiency on the wire
Bi-directional http/2 based transport with streaming support
Use of binary protocol buffers for transmission efficiency

Wallarm streaming mode detection and specialized parsers allow Wallarm to detect attacks with near-zero latency which is required by gRPC. Further, protection is delivered without manually uploading the protocol buffer schema, which means it keeps up the protection even as the API schema changes.

“With support for high performance bi-directional streaming, TLS based security, and a wide variety of programming languages, gRPC is an ideal unified transport protocol for model driven configuration and telemetry.” - Cisco on gRPC.io website

What is GraphQL?
GraphQL is an alternative to the REST concept that allows working with the data in a more structured and object-oriented way. It’s based on JSON-encoded HTTP requests with custom queries inside. Wallarm’s own definition of GraphQL is a meta-layer with built-in query language to access object-oriented data. Unlike the REST protocol, URL itself doesn’t contain data. This technology is widely used by many enterprise companies such as Facebook, Walmart, and Intuit. Many tools and frameworks you such as GitLab, New Relic, and WordPress use GraphQL also rely on GraphQL under the covers.

Wallarm implemented native JSON parser and specific rules to block GraphQL attacks. As a result, it’s possible now to block introspection queries and all the OWASP Top-10 attacks in the “variables” GraphQL parameters encoded as JSON.

As a result, when the next GitLab, WordPress, or other GraphQL-encoded vulnerability will be discovered, all the Wallarm customers will be protected automatically.

Wallarm has covered GraphQL security extensively in its blog.

About Wallarm
Wallarm platform protects websites, microservices, and APIs throughout the application life-cycle. The solution provides increased visibility into hacking attempts, and detect and remediate OWASP Top-10 while focusing staff on the more strategic issues.

The technology provides dynamic, active, and focused security for hundreds of enterprises and SaaS companies operating in public, hybrid, and private clouds.

Founded in 2013, Wallarm is headquartered in San Francisco, California. It is backed by Toba Capital, Y Сombinator, Partech, Runa Capital, and other investors.

Share article on social media or email:

View article via:

Pdf Print

Contact Author


Stepan Ilyin
Email >
Follow >
Visit website