
Wallarm API Security Platform
API security tools
Container security tools
Web application firewalls (WAF)
Cloud security software
DevSecOps software
$17,880 per year
Small
Medium
Large
- Construction
- Healthcare and life sciences
- Banking and insurance
What is Wallarm API Security Platform
Wallarm API Security Platform is an API security and application protection product that combines API discovery, threat detection, and runtime enforcement. It is used by security and platform teams to monitor API traffic, identify exposed endpoints and vulnerabilities, and block or mitigate attacks in production environments. The platform typically deploys as a reverse proxy/sidecar/ingress or via integrations with common gateways and cloud-native stacks, and it includes WAF-style controls oriented to API abuse cases.
Runtime API discovery and monitoring
The platform passively discovers APIs and endpoints from real traffic, which helps teams inventory shadow or undocumented APIs. It correlates observed requests with security findings to prioritize issues that are reachable in production. This approach fits organizations that need continuous visibility rather than relying only on design-time specifications.
Integrated WAF-style enforcement
Wallarm includes runtime protection capabilities that can block or mitigate common web and API attacks. This allows teams to move from detection to enforcement without deploying a separate WAF product. It is useful for production environments where immediate risk reduction is required while engineering fixes are in progress.
Cloud-native deployment options
The product supports deployment patterns commonly used in Kubernetes and modern ingress/gateway architectures. This helps DevSecOps teams integrate security controls into CI/CD and platform operations workflows. It can be positioned as part of a broader cloud security stack rather than a standalone scanner.
Operational tuning and maintenance
Runtime detection and blocking typically require tuning to reduce false positives and to align policies with application behavior. Teams may need to invest time in baselining traffic, setting exceptions, and managing rule updates. This can increase operational overhead compared with purely passive monitoring tools.
Coverage depends on traffic visibility
Passive discovery and analytics depend on seeing representative production or staging traffic. Low-traffic endpoints, internal-only APIs, or rarely used methods may remain undiscovered until they are exercised. Organizations may need complementary testing or spec-based validation to close these gaps.
Complexity across diverse architectures
Enterprises with multiple gateways, service meshes, and hybrid environments may need several integration points to achieve consistent coverage. Coordinating deployments across teams and environments can be non-trivial, especially where change control is strict. This can lengthen rollout timelines compared with single-edge deployments.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Cloud WAF — Startup | $17,880 per year | Request limit: up to 15M/month; Max monthly bandwidth: 1 TB; annual billing (Wallarm Cloud WAF Starter offer). |
| Cloud WAF — SMB | $29,880 per year | Request limit: up to 50M/month; Max monthly bandwidth: 1.5 TB; annual billing (Wallarm Cloud WAF SMB offer). |
| Cloud WAF — Enterprise | $50,000 per year | Request limit: up to 75M/month; Max monthly bandwidth: 2 TB; annual billing (Wallarm Cloud WAF Enterprise offer). |
| Security Edge Free Tier | $0 (Free) | Up to 500,000 requests per month; includes many Advanced API Security capabilities with some limitations; account disabled if usage exceeds 100% of the monthly quota, and protection disabled at over 200% until the next month. |
| API Attack Surface — Core (AASM Core) | $0 (Free) | Agentless discovery and scanning of external hosts/APIs; Core plan is freemium with limits (e.g., 50 root domains, 5,000 hosts); remains active if you log in at least once every 30 days. |
| Cloud Native WAAP | Custom pricing | Core WAAP (Web Application & API Protection) subscription — contact sales (sales@wallarm.com) to activate. |
| WAAP + Advanced API Security | Custom pricing | Bundle that adds comprehensive API security (covers OWASP API Top-10) — contact sales. |
| Security Testing | Custom pricing | Subscription for automated security testing of apps/APIs — contact sales. |
| API Attack Surface — Enterprise (AASM Enterprise) | Custom pricing | Enterprise variant with increased scan cadence/capacity — contact sales. |
| Security Edge (Managed) | Custom pricing | Managed/hosted Security Edge deployment (Wallarm-managed nodes) — contact sales. |
Seller details
Wallarm, Inc.
San Francisco, CA, USA
2016
Private
https://wallarm.com/
https://x.com/wallarm
https://www.linkedin.com/company/wallarm/