Webmonitorx API Security is a solution for protecting web apps and APIs against hacker attacks and automatically detecting vulnerabilities. It provides security based on the Open Web Application Security Project (OWASP) recommendations and protection against zero-day exploits. This helps you mitigate reputational risks and save on exploit protection of your web apps, microservices, and APIs.
Webmonitorx analyzes all incoming HTTP requests and instantly blocks any malicious requests. Webmonitorx continuously collects metrics from all network traffic and processes them in the Computing Cluster using machine learning. The built-in Webmonitorx Cloud Scanner checks the company network resources for vulnerabilities in several modes.
Webmonitorx consists of the following components:
- Webmonitorx filtering node
- Webmonitorx computing cluster
The solution complies with the security standards, including PCI DSS.
-
Get an SSH key pair to connect to a virtual machine (VM).
-
Create a VM from a public image:
- Under Image/boot disk selection, go to the Cloud Marketplace tab and select Webmonitorx filtering node.
- Under Access:
- Enter the username in the Login field.
- Paste the contents of the public SSH key file in the SSH key field.
-
Create an account to work with the node.
-
Create (in Russian) a node and generate a token.
-
Connect to the VM over SSH. Use the username you provided when creating the VM, as well as the generated private SSH key.
-
Copy the generated token and run the following commands:
sudo /opt/wallarm/register-node -H api.wallarm.ru -t "${<token>}" sudo systemctl restart wallarm nginx -
Submit an example of a potentially malicious request:
curl 127.42/etc/passwd <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.22.1</center> </body> </html>
The request will be blocked. You will see its details under Events (in Russian).
The above request is a sample one. To configure Nginx for threat protection, follow this guide (in Russian).
- Protection against OWASP Top 10 security risks and zero-day vulnerabilities
- Sensitive information leak prevention
- Protection of personal accounts of business partners and customers
Webmonitorx
Webmonitorx provides technical support to Webmonitorx Filtering Node users in Yandex Cloud. You can contact Webmonitorx support by email at support@webmonitorx.ru.
Yandex Cloud
Yandex Cloud does not provide technical support for this product. If you have any issues, please refer to the respective developer’s information resources.