Wallarm API Attack Surface Management

Wallarm API Attack Surface Management (AASM) is an agentless detection solution designed for API ecosystem security. The platform discovers external hosts and their APIs, including hosting information such as CDN, IaaS, and PaaS providers. It identifies geolocation, data centers, and API protocols including JSON-API, GraphQL, XML-RPC, JSON-RPC, OData, gRPC, WebSocket, SOAP, WebDav, and HTML WEB. The solution scans public Postman and GitHub repositories to identify leaked API secrets, including API Keys, PII (usernames and passwords), and authorization tokens (Bearer/JWT). It provides recommendations for remediation strategies and supports response actions such as revoking leaked information or applying virtual patches. AASM performs continuous vulnerability detection by testing APIs for thousands of web and API-related CVEs. It identifies SSL/TLS misconfigurations and database management interface exposure. The platform discovers whether APIs are protected by WAFs/WAAPs, tests the types of threats these security solutions can detect, and provides security scores for each discovered endpoint. The solution uncovers publicly available private API specifications and requires no installation to get started.