Setting markers

You can set markers on the Settings –> Markers tab.

Markers allow you to mark HTTP/HTTPS packets to have Wallarm process the marked packets in a special way.

Marker usage scenarios:

  • To authenticate the scanner and the application vulnerability checks.
  • To start the vulnerability search in the newly added application components or API – a common scenario with the Continuous Integration/Continuous Delivery users.
  • To update an application profile. This may come handy for the users who want deploy an application's or API's new functionality as fast as possible.

Create a marker

A marker is a 64-bit secret key that must be placed in the HTTP header X-Wallarm-Marker.

For example:

X-Wallarm-Marker: bdb1fcc94e807fbfa59c79778e6ea1f1cbd2ec8c33557c94a90b39a7491fd004
  1. Click Add.
  2. Provide a description, an IP address, and a subnet mask.

The filter node will use the marker only if the valid IP address and the subnet mask match the ones set in the Wallarm interface.

The marked requests will be used to update the application profile.

Markers and fuzzing

Fuzzing is a method of provoking abnormal behavior in a program by inputting atypical data in the program. There is a high probability that fuzzing can cause errors in the program. Wallarm uses fuzzing only for the requests that are marked as safe to be modified.

This method, along with unit tests, provides greater coverage from the information security point of view and covers an application's new components that are being tested, deployed, or are already deployed.

Advanced fuzzing support is in high demand with the companies using Continuous Integration/Continuous Delivery.

Set a fuzzer

  1. Add a header to the request: X-Wallarm-Marker: <marker>
  2. Add the header to the request: X-Wallarm-Fuzzer: yes
  3. Add advanced settings to the header X-Wallarm-Fuzzer-Policy:

    • replace-all <N>
    • add-to-end <N>
    • add-to-begin <N>
    • replace-from-end <M> <N>
    • replace-from-begin <M> <N>
    • insert-into-random <N>

For each vulnerability discovered during the checks, there will be a report generated and sent to your email or to

results matching ""

    No results matching ""