API Attack Surface Management (AASM)

AASM is an agentless solution designed to discover, test, and protect external APIs. It continuously maps API endpoints, detects vulnerabilities and leaked secrets, assesses WAF/WAAP coverage, and provides prioritized guidance for remediation.

Vendor

Wallarm

Product details

Features

  • Agentless discovery of external hosts, domains, subdomains, and associated APIs, including hosting provider and geolocation details
  • Support for multiple API protocols: REST/JSON‑API, GraphQL, SOAP, gRPC, WebSocket, XML‑RPC, JSON‑RPC, OData, WebDAV, HTML, and more
  • Continuous monitoring to reveal shadow, orphan, rogue, and new endpoints
  • Detection of missing WAF/WAAP protection, plus active testing of rule coverage per endpoint
  • Scanning of public repositories (e.g., GitHub, Postman) for API keys, tokens, PII, and other leaked secrets
  • Automated vulnerability detection including SSL/TLS misconfigurations, exposure of management interfaces, specification leaks, and thousands of CVEs

Capabilities

  • Full API attack surface inventory and risk assessment
  • WAF/WAAP coverage analysis, showing which threats are mitigated and where gaps exist
  • Detection and classification of vulnerabilities: path traversal, SQLi, SSRF, XSS, debug/config exposure, outdated software, and more
  • Identification of API leaks and actionable guidance for revocation or virtual patching
  • Threat testing across APIs and reporting of security scores per endpoint
  • Automated alerts and reports for discoveries, leaks, vulnerabilities, and configuration issues

Benefits

  • Zero‑touch deployment—no agents or sensors required, enabling fast onboarding
  • Enhanced visibility into external APIs, eliminating blind spots and uncovering undocumented endpoints
  • Strengthened security posture through prioritized detection of vulnerabilities and exposed secrets
  • Early detection of leaked API credentials and PII before exploitation occurs
  • Ensure WAF/WAAP effectiveness by identifying and closing protection gaps
  • Centralized, automated workflows that reduce manual effort and improve security operations
  • Proven reliability: protecting over 160,000 APIs and handling billions of requests daily