Kubernetes WAAP Version 1.13.0
This version includes the following new capabilities:
gRPC Support
gRPC is an open-source high-performance Remote Procedure Call (RPC) framework developed by Google. It enables client and server applications to communicate transparently and efficiently across different systems and programming languages.
gRPC uses Protocol Buffers (protobuf) as the default data serialization format, which is a compact and efficient binary format that is designed for high-performance data exchange. This enables gRPC to achieve high performance and low latency communication between services, making it an attractive option for building distributed systems.
From this version, KWAAP offers wide security coverage of the gRPC protocol. Without any configuration, KWAAP enforces the HTTP/2 protocol, parses the gRPC protobuf messages, and detects and blocks malicious payloads nested in complex data structures.
Combining gRPC support with JWT protection provides broad protection against OWASP Top 10 web and API threats.
HTTP Parameter Pollution - Duplicate Parameters
Parameter pollution occurs when the parameters of a request are manipulated.
One such manipulation is to duplicate an existing parameter and place an attack payload in the value of the copy.
KWAAP protects against this manipulation: it checks for duplicated parameters in the query part of the URL, in cookies, and in body parameters (JSON, XML, multipart/form-data and x-www-form-urlencoded), inspects them, and blocks any attack.
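The duplicate-parameter check described above, as an added illustration (not KWAAP's own code): it reports every repeated parameter name in the query string, the Cookie header and a form-urlencoded or JSON body, using a constructed sample request. A JSON duplicate is only visible through json's object_pairs_hook, because json.loads silently keeps the last value.

```python
import json
from urllib.parse import parse_qsl


def _duplicates(pairs):
    """Group (name, value) pairs by name; keep only names seen more than once."""
    grouped = {}
    for name, value in pairs:
        grouped.setdefault(name, []).append(value)
    return {n: v for n, v in grouped.items() if len(v) > 1}


def _cookie_pairs(header):
    """Split a Cookie header by hand; http.cookies.SimpleCookie would collapse repeats."""
    pairs = []
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            pairs.append((name, value))
    return pairs


def _json_duplicates(raw):
    """The pairs hook runs for every object and sees all keys, repeated ones included."""
    found = {}

    def hook(pairs):
        for name, values in _duplicates(pairs).items():
            found.setdefault(name, []).extend(values)
        return dict(pairs)

    json.loads(raw, object_pairs_hook=hook)
    return found


def find_duplicate_parameters(query="", cookie_header="", content_type="", body=""):
    """Return {location: {name: [values]}} for each location holding a repeated name."""
    report = {}
    if query:
        report["query"] = _duplicates(parse_qsl(query, keep_blank_values=True))
    if cookie_header:
        report["cookie"] = _duplicates(_cookie_pairs(cookie_header))
    if body and content_type.startswith("application/x-www-form-urlencoded"):
        report["body"] = _duplicates(parse_qsl(body, keep_blank_values=True))
    elif body and content_type.startswith("application/json"):
        report["body"] = _json_duplicates(body)
    return {loc: dups for loc, dups in report.items() if dups}


# Constructed sample request (hypothetical values): one name repeated in each location.
SAMPLE = dict(query="id=42&id=9999&page=1", cookie_header="session=abc; session=xyz",
              content_type="application/json",
              body='{"user": "alice", "user": "bob", "role": "viewer"}')

if __name__ == "__main__":
    print(find_duplicate_parameters(**SAMPLE))
```

A WAF would treat any non-empty report as a pollution signal and then inspect each repeated value; XML and multipart bodies need their own parsers but feed the same _duplicates helper.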
Obfuscation of Sensitive Information in Security Events and Access Logging
Personally Identifiable Information (PII) redaction (data obfuscation) in KWAAP is a mechanism that anonymizes sensitive information in the Security Events and the Access Log.
The masking can be applied to:
Query parameters
Body parameters
Parameter names
Header names
Regular expressions
This allows KWAAP to comply with many regulations that prohibit PII from being stored in a third-party security product.