Wallarm's Security Testing Suite
Wallarm's Security Testing suite is a comprehensive platform designed to secure APIs throughout the software development lifecycle. It offers two innovative tools that go beyond traditional security testing methods:
- Threat Replay Testing (TRT) takes a unique approach by converting real-world attack data into a continuous stream of security tests. Instead of relying on synthetic attacks, this tool automatically analyzes actual attack attempts targeting your production APIs, sanitizes the malicious payloads, and then "replays" them in a safe, non-production environment. This allows organizations to discover vulnerabilities exposed by active threats, ensuring their defenses are continuously updated against the latest attack patterns.
- Schema-Based Testing is a dynamic application security testing (DAST) solution that enables "shift-left" security. It uses an API's schema (such as an OpenAPI specification or a Postman collection) as a blueprint to automatically generate and execute targeted security tests. By integrating into CI/CD pipelines, Schema-Based Testing allows development teams to proactively identify a wide range of vulnerabilities—including OWASP API Top 10 risks, business logic flaws, and input validation issues—early in the development process, making them easier and cheaper to fix.
Threat Replay Testing
Wallarm's Threat Replay Testing (TRT) transforms your API security testing by converting actual attack attempts into comprehensive security tests. This innovative approach moves beyond traditional synthetic testing to help organizations identify and address real-world vulnerabilities.
Key features:
- Converts incoming attacks into sanitized security tests
- Automated testing in staging environments
- Comprehensive attack surface coverage through attack variation generation
- Safe payload sanitization to prevent system damage
Benefits:
- Identify vulnerabilities from real attack patterns
- Reduce security team workload with automated test generation
- Maintain system stability with non-production testing
- Stay ahead of emerging threats through continuous testing
Schema-Based Testing
Wallarm's Schema-Based Testing introduces dynamic application security testing (DAST) for APIs, enabling shift-left API testing and seamless integration into CI/CD pipelines and the SDLC process.
Key highlights
Expanded vulnerability coverage:
- OWASP API Top 10 risks
- Business Logic flaws (BOLA, BFLA)
- Input validation issues (Injections, RCE, Path Traversal)
- Environment misconfigurations
- GraphQL misconfigurations
Supported inputs:
- OpenAPI specifications
- Postman collections (for advanced testing of business logic scenarios and access control violations)
Schema-Based Testing runs on a lightweight Docker-based agent, ensuring fast and isolated execution. It supports both one-time scans for quick assessments and continuous testing integrated into CI/CD pipelines, making it flexible for different stages of the development lifecycle.
Test results are available locally for immediate review and are also synced to the Wallarm Console, where issues can be tracked and prioritized. Users can define a configurable risk-level threshold to automatically determine when a test run should fail, aligning security checks with organizational policies.
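To illustrate the core idea behind schema-driven input validation testing, here is an added example (not Wallarm's code or its agent): it reads a constructed OpenAPI fragment, derives one negative test per parameter constraint, runs them against a constructed stand-in API that omits one check, and reports each request the API failed to reject with a 4xx status. The spec, the stand-in handler and the 4xx pass criterion are all assumptions of this example.

```python
# Constructed OpenAPI fragment standing in for a real specification file.
SPEC = {"paths": {"/users/{id}": {"get": {"parameters": [
    {"name": "id", "in": "path", "required": True,
     "schema": {"type": "integer", "minimum": 1}},
    {"name": "fields", "in": "query",
     "schema": {"type": "string", "maxLength": 32}},
]}}}}

def negative_values(schema):
    """Yield (label, value) pairs, each violating one constraint of `schema`."""
    if schema.get("type") == "integer":
        yield "wrong-type", "abc"
        if "minimum" in schema:
            yield "below-minimum", schema["minimum"] - 1
    elif schema.get("type") == "string" and "maxLength" in schema:
        yield "too-long", "a" * (schema["maxLength"] + 1)

def generate_tests(spec):
    """One test per (operation, parameter, constraint violation) in the spec."""
    tests = []
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            for p in op.get("parameters", []):
                for label, value in negative_values(p["schema"]):
                    tests.append({"method": method.upper(), "path": path,
                                  "param": p["name"], "case": label, "value": value})
    return tests

def stand_in_api(method, path, params):
    """Constructed target: validates `id` but never enforces the `fields` cap."""
    if method != "GET" or path != "/users/{id}":
        return 404
    try:
        if int(params["id"]) < 1:
            return 400
    except (ValueError, TypeError):
        return 400
    return 200  # `fields` is accepted unchecked: the input-validation gap to find

def run(spec, handler):
    """Return findings: generated tests the API did not reject with a 4xx."""
    findings = []
    for t in generate_tests(spec):
        params = {"id": 7, "fields": "name"}   # valid baseline request
        params[t["param"]] = t["value"]       # inject exactly one violation
        status = handler(t["method"], t["path"], params)
        if not 400 <= status < 500:
            findings.append({**t, "status": status})
    return findings
```

Calling `run(SPEC, stand_in_api)` yields a single finding, the over-long `fields` value that the stand-in accepted with 200; in a pipeline, a non-empty findings list is what a failure threshold would act on.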