Close
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Agentless API Attack Surface Management

API Attack Surface Management (AASM) is an agentless detection solution tailored to the API ecosystem, designed to discover all external hosts with their APIs, identify missing WAF/WAAP solutions and mitigate API Leaks

4 Hosts

AASM is licensed based on the number of external hosts, which can be any valid subdomains with or without services. You can start a trial scan first to see which plan fits you best. Looking for more than a hundred hosts? Let’s chat about it!

Annually

Monthly

Core

Complete API Attack Surface Discovery including WAF score, API protocols & Schemas.

-

-

/mo

Billed at
$2,388
$2,388
per year for
4
API Hosts
Get 50% off on all plans, including annual plans, by the end of December 2024.
Start 7 days Trial

Features:

External API Hosts Discovery

APIs & Types Discovery

WAFs Discovery

API Leaks Discovery

Specific API protocols Discovery

WAF Score

API Schema Discovery

Enterprise

Extended support, Bug hunting services, volume discount, and DevSecOps Integrations.

Custom

Including 100+ hosts
let's chat

Features:

Everything in Core +

Dedicated Customer Success Manager

False positive reduction

Bug hunting services included

DevSecOps Integrations

Product Features

Core
Enterprise

Discover all external hosts and their APIs
(including hosting e.g. CDN, IaaS, or PaaS providers)

Gain insights into the specific API protocols that your organization is using
(JSON-API, GraphQL, XML-RPC, JSON-RPC, OData, gRPC, WebSocket, SOAP, WebDav, HTML WEB and more)

Private API Schema Discovery
(E.g. Swagger/OpenAPI specifications unintentionally publicly available)

WAF Discovery
(Discovers if Web Apps and APIs are protected by WAFs/WAAPs)

WAF Score
(Assigns WAF Score based on its configuration and types of threats it can detect)

Leaked API Keys Detection

Leaked API Credentials Discovery
(User names, emails and passwords)

Leaked API Sensitive Technical Data Discovery
(API Tokens, Config files, backups, logs, source code)

Identify geolocation and data centers

Collaboration Features

Core
Enterprise

API Integration

Compliance Features

Core
Enterprise

SSO

Support and SLA

Core
Enterprise

MS teams/Slack support

Email support response time

24 hours

4 hours

Dedicated Customer Success Manager

Additional services

Core
Enterprise

Bug hunting services included
(Bug hunting involves using penetration techniques to discover issues that scanners cannot find, or for specific compliance-related testing.) 

False positive reduction

Hated by Attackers.‎
Trusted by Security.

The preferred choice for Security and DevOps teams seeking unparalleled Visibility, Comprehensive API Protection, and Automated Incident Response in product security programs.

200+

Enterprise customers

80+

Integrations and platforms

20,000+

Protected apps and APIs

With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure-as-code approach.

3,000+

APIs and apps protected

Gustavo Ogawa, Head of Security at Rappi

Ready to uncover your APIs and Leaks?

Get started in under a minute.
No installation required