As Maverick and Goose declared in the movie Top Gun, “I feel the need…the need for speed!”
Speed is a defining characteristic of IT and app development these days. It used to just be desirable—now it’s a strategic imperative. The DevOps revolution has accelerated the software development lifecycle. Rapid deployment and frequent updates are the new norm. It’s important, however, not to let security fall victim to the quest for speed. That’s where companies like Wallarm come in.
Who is Wallarm? That’s a fair question. Wallarm is a privately held company founded in 2013. It is an artificial intelligence (AI) startup focused on the security of websites, microservices, and APIs running on public and private clouds. According to Wallarm, its AI engine enables dynamic, active, and focused security. They deliver application protection driven by AI.
The company recently launched its Framework for Automatic Security Testing, or FAST. FAST is a framework for automatically creating and running security tests in the context of a continuous integration (CI) or continuous deployment (CD) environment. Wallarm claims that FAST will give security researchers, developers, and quality assurance practitioners an easy way to automatically generate security tests from functional tests and production traffic.
“We have received a lot of requests from our customers who wanted to extend their application testing with security, but couldn’t do it because of limited security resources,” said Ivan Novikov, CEO of Wallarm. “Wallarm FAST takes existing manual or automated tests, like Selenium, and uses those as a basis for generating all the possible security tests out there. Security teams can then create a policy to chip off everything that doesn’t belong. The resulting set of tests runs automatically, making a great addition to the release acceptance criteria.”
Wallarm says that FAST can be deployed in minutes on a developer machine or team server from a container image in the Docker registry and that it is as simple to configure as a proxy on a browser. FAST has a number of features and benefits, including automatic security test generation, gray box testing that preserves session context, running tests automatically, fine-grained policies for security test generation, “hacker intelligence” and library payloads to test for known vulnerabilities, and more.
Balancing Speed and Security Testing
“Wallarm FAST has many cool features to help DevOps teams strike the delicate balance between the security of the application and the very short release cycles,” said Chris Rodriguez, senior analyst for Frost & Sullivan.
Wallarm customers seem to appreciate the benefits of FAST. “Security wants continuous, ‘in-depth’ security testing,” said Richard Seiersen, CISO for Lending Club. “Developers want to go fast. Wallarm’s FAST is designed to resolve this. First, it painlessly instruments the CI/CD pipeline. Then, its predictive engines learn, suggest and run bespoke tests…thousands of them.”
Sam Gaglani, Vice President of Xsolla, also weighed in: “Xsolla considers security to be a core competency for our payment platform. We are looking to supplement our comprehensive run-time security and compliance strategy with the tools that allow us to identify and address possible issues before deploying in production. Wallarm FAST security testing automation allows our DevOps team to conduct security testing as a part of the development process.”
Speed is not optional. Neither is security. An AI-driven platform that can automatically generate and run the necessary security tests seems like a concept with tremendous potential.