SecureIQLab publishes three APAC WAAP validation reports

By AI, Created 6:46 AM UTC, June 02, 2026, /AGP/ – SecureIQLab released three independent Cloud WAAP CyberRisk Validation Reports for Asia-Pacific vendors on June 2, expanding its WAAP testing program into APAC. The reports use the same AMTSO-compliant methodology as the lab’s 2025 global comparative and highlight full Layer 7 protection but a gap in API authorization enforcement.

Why it matters: - Asia-Pacific enterprises are among the fastest-growing buyers of web application and API security. - Independent validation gives buyers a technical benchmark beyond vendor self-attestation. - The reports extend SecureIQLab’s WAAP validation program into a region where buyers have had fewer consistent third-party test options.

What happened: - SecureIQLab published three Asia-Pacific Cloud WAAP CyberRisk Validation Reports on June 2, 2026. - The reports cover three Asia-Pacific Cloud Web Application and API Protection vendors. - Each report was completed under SecureIQLab Cloud WAAP CyberRisk Methodology v4.0. - The methodology is registered with the Anti-Malware Testing Standards Organization as Test ID AMTSO-LS1-TP127. - The validation program is non-commissioned and funded entirely by SecureIQLab. - Vendors provided product access for testing only.

The details: - The APAC reports use the same methodology, testbed and payload set used in SecureIQLab’s 2025 global comparative of 15 enterprise WAAP solutions. - The scope covers Security Efficacy testing for OWASP Top 10 (2021) web application threats, OWASP API Security Top 10 (2023) API threats, Layer 7 denial-of-service, automated bot activity and evasion resiliency. - API testing covered REST, GraphQL, SOAP, WebSockets and gRPC. - Each vendor was evaluated against 1,334 malicious payloads and 1,269 benign payloads. - All three vendors achieved 100% Layer 7 DoS protection scores. - All three vendors also achieved 100% Layer 7 DDoS protection, mitigating every tested application-layer flood vector. - None of the three products detected Broken Object Level Authorization, which ranks as the No. 1 risk in the OWASP API Security Top 10 (2023). - Vendor-specific OWASP API category breakdowns are available in each report at the APAC WAAP reports. - The 2025 global comparative also assessed Operational Efficiency and Compliance Validation, which are outside the scope of the individual APAC reports. - SecureIQLab says the full methodology documentation is available on its methodology page.

Between the lines: - The results suggest strong network-layer resilience across the APAC cohort, but uneven API authorization enforcement. - The lack of Broken Object Level Authorization detection is notable because that issue sits at the top of the OWASP API risk list. - The APAC release gives regional vendors and buyers the same evidentiary baseline SecureIQLab says North American and European buyers already use. - SecureIQLab says the AMTSO attestation is signed by David Ellis, who serves on the AMTSO Board of Directors.

What’s next: - SecureIQLab says Cloud WAAP CyberRisk Methodology v5.0 is in vendor testing and will cover up to 25 enterprise WAAP solutions. - Comparative results for v5.0 are expected in late 2026. - Individual vendor reports may publish before the comparative release. - SecureIQLab says the three APAC reports are available at the APAC report hub.

The bottom line: - The APAC reports show full Layer 7 protection across all three vendors, but also expose a shared weakness in a critical API security control.