The first dedicated WAF was introduced to the market in 1997 by Perfecto Technologies with their AppShield product. Perfecto, renamed as Sanctum, is also credited with defining the first top ten list of web application hacking techniques which, at the time, included:
This list evolved into the OWASP Top Ten, first published in 2003, and since then we’ve seen both the Top 10 and WAFs evolve to keep up with the latest and greatest threats to applications over the years.
Fast forward to 2019 and the OWASP community decided that API vulnerabilities are unique enough that it was time to define a Top 10 list specific to API-based applications and API Security.
So the question is – how does the WAF stand up as APIs have increasingly become the centerpiece of applications and a primary target for attackers? Check out the video to hear what we think and let us know your thoughts in the comments below.
Having Forbes single out Salt Security as one of only 25 of the “Next Billion-Dollar Startups” testifies to the combination of both the significant lead we enjoy in the market and the enormity of the problem we solve.
Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally.