API Attack Surface Management ¶

Wallarm's API Attack Surface Management (AASM) is an agentless detection solution designed to discover all external hosts with their APIs, evaluate their protection against Web and API-based attacks, identify missing WAF/WAAP solutions, and eliminate API leaks.

API Attack Surface Management includes:

• API Attack Surface Discovery (AASD)

• API Leaks Detection

How it works¶

Work with API Attack Surface Management looks as follows:

• You buy subscription.

• You set your root domains to be scanned.

• For specified domains, Wallarm searches for subdomains/hosts and lists them.

  AASM system collects subdomains using various OSINT methods, such as passive DNS analysis, SSL/TLS certificate analysis, Certificate Transparency Logs analysis, via search engines and enumeration of the most frequently occurring subdomains.

• Wallarm identifies geolocation and data center for each host.

• Wallarm identifies exposed APIs on each host.

• Wallarm identifies security solutions (WAF/WAAP) protecting the host and evaluate their efficiency.

• Wallarm checks public resources for published (leaked) data related to specified domains.

• At specified domains, Wallarm searches for revealed (leaked) sensitive data.

• Wallarm lists leaks found for specified domains.

Enabling and setup¶

To use AASM, the Wallarm's API Attack Surface subscription plan should be active for your company. To activate, do one of the following:

• If you do not have Wallarm account yet, get pricing information and activate AASM on the Wallarm's official site here.

  When activating, scanning of the used email's domain starts immediately while you negotiate sales team. After activation, you can add additional domains to the scope.

• If you already have Wallarm account, contact sales@wallarm.com.

Once subscription is activated, to configure domain detection and API leaks remediation, in Wallarm Console → AASM → API Attack Surface or API Leaks section, click Configure. Add your domains to the scope, check the scanning status.

Wallarm will list all subdomains and show API leaks related to them if there are any. Note that domains are automatically re-scanned daily - new subdomains will be added automatically, previously listed but not found during re-scan will remain in the list.

You can re-start, pause or continue scanning for any domain manually at Configure → Status.

Was this page helpful?

How can we improve this article? (Optional)

Information is unclear or confusing

Insufficient information

Outdated or incorrect information

0/240

Send