OAT-005 Scalping bots don't trip WAF rules because every request is individually valid. The attack lives in session behavior. Here's what detection and enforcement look like from inside the application.
Impart Security
March 19, 2026
Read article
Blocking in Production Requires a Modern Security DevEx
For too long, security teams have been forced to rely on outdated, cumbersome tools that make their jobs harder than they need to be. While these teams are resourceful and always find a way to get the job done, the poor developer experience (DevEx) takes its toll—leading to higher maintenance costs and slower response times. It's time for security teams to have access to tools with the same modern, efficient DevEx that developers use, empowering them to work faster and more effectively in defending against threats.
September 12, 2024
Read article
Understand Blocked Requests Faster with Rule Tracing
Impart Security
September 11, 2024
Read article
Shifting Application Security into the Runtime
Jonathan DiVincenzo
September 5, 2024
Read article
Safely test rate limit rules with Simulated Blocking
Impart Security
September 4, 2024
Read article
See what was blocked with blocking insights
Most API security tools fall short when it comes to explaining blocked requests. They can't detail what payloads were seen, what request attributes triggered a block, or how many requests were blocked. Impart's new Blocked Request Insights visualizations address these gaps, offering security teams a clear and comprehensive understanding of their blocked traffic.
Impart Security
July 31, 2024
Read article
Develop Firewall Rules Safely with Regression Testing
Firewall Regression Testing Now Available
We are thrilled to announce the launch of our latest innovation: Firewall Regression Testing. This powerful new feature empowers security teams to thoroughly test firewall rule changes before they impact production traffic, bringing modern development practices to firewall management.
Impart Security
July 25, 2024
Read article
The Future of Appsec is APIs
In this conversation, Matt Johansen and Brian Joe discuss API security and its evolution from traditional application security. First and foremost, they define what we mean by “API Security.” This involves a quick history lesson on the rise of microservices and decentralized applications. They also highlight the challenges and vulnerabilities associated with API security, such as broken authentication and authorization. We even get into how AI has impacted security testing and the need for innovation in response and enforcement! Overall, the discussion provides insights into the current state and future of API security. Join us to explore the evolution of web application firewalls (WAFs) and what they can and cannot do in the ever-growing world of APIs. Matt’s favorite takeaway: Traditional WAFs inspected a single request and decided if it was good or bad. Next-gen WAFs added the dimension of looking at attack traffic over time instead of that single request. Impart and modern API Security solutions are going beyond that second dimension and bringing in a lot more context to make security decisions on API traffic.
Impart Security
July 24, 2024
Read article
Why WAF Logging fails
In conversations with many security teams, I've found a common frustration: relying on WAF access logs to secure their APIs and web apps. The unfortunate truth is that WAF logs don't work in practice. This post goes into detail about why.
Marc Harrison
July 23, 2024
Read article
WAFs don't protect against modern appsec threats
July 18, 2024
Read article
The evolution of WAF and RASP
Rami McCarthy did a great post on RASP last month touching on some of the history of RASP. I thought the post was great and did a great job focusing on the competitive landscape, industry factors, and technical barriers to entry. In this post, I wanted to dig deeper into the security outcomes (read: problems to solve) that tools like RASP and WAF achieve, and also explore a bit more in depth the future of both WAF and RASP in the modern era.