Impart Resources

Product

Impart Product Update - Nov 2025

We’ve delivered a major round of upgrades across the Impart platform, introducing new AI Bot/MCP and LLM Protection dashboards, a refreshed and more intuitive App Experience, a high-performance Inspector v0.42.0 release, expanded Inspector Metrics for deeper operational visibility, and new SQLi and XSS version control, allowing teams to choose between Detection Version 1, Version 2, or always use the latest release. These updates make it easier than ever to understand AI-driven traffic, configure protections with clarity, manage detection behavior with precision, monitor system performance, and optimize your entire Impart deployment.

This is some text inside of a div block.

OWASP Deep Dive

What Your WAF Misses: Denial of Inventory

OWASP OAT-021 Denial of Inventory bots hold carts, seats, and reservations without ever buying. WAFs can't see the pattern. Here's why, and what closes the enforcement gap.

This is some text inside of a div block.

Blog

What Your WAF Misses: Card Cracking

Card cracking bots enumerate CVV codes through your payment flow, and your WAF can't see the processor response that makes the pattern legible. Here's what changes when enforcement moves inside the request path.

This is some text inside of a div block.

News

How Attackers Are Using AI to Outpace Defenses (Video)

Events

GPSec

Atlanta, GA

June 25, 2026

In Person

What Your WAF Misses: Carding

Carding tests thousands of stolen credit cards against your payment flow. Learn why WAFs struggle to stop it and why detection must move into the request path.

This is some text inside of a div block.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Safely test rate limit rules with Simulated Blocking

See what was blocked with blocking insights

Most API security tools fall short when it comes to explaining blocked requests. They can't detail what payloads were seen, what request attributes triggered a block, or how many requests were blocked. Impart's new Blocked Request Insights visualizations address these gaps, offering security teams a clear and comprehensive understanding of their blocked traffic.

Develop Firewall Rules Safely with Regression Testing

Firewall Regression Testing Now AvailableWe are thrilled to announce the launch of our latest innovation: Firewall Regression Testing. This powerful new feature empowers security teams to thoroughly test firewall rule changes before they impact production traffic, bringing modern development practices to firewall management.

The Future of Appsec is APIs

In this conversation, Matt Johansen and Brian Joe discuss API security and its evolution from traditional application security. First and foremost, they define what we mean by “API Security.” This involves a quick history lesson on the rise of microservices and decentralized applications. They also highlight the challenges and vulnerabilities associated with API security, such as broken authentication and authorization. We even get into how AI has impacted security testing and the need for innovation in response and enforcement! Overall, the discussion provides insights into the current state and future of API security. Join us to explore the evolution of web application firewalls (WAFs) and what they can and can not do in the ever-growing world of APIs. Matt’s favorite takeaway: Traditional WAFs inspected a single request and decided if it was good or bad. Next-gen WAFs added the dimension of looking at attack traffic over time instead of that single request. Impart, and modern API Security solutions are going beyond that 2nd dimension and bringing in a lot more context to make security decisions on API traffic.

Why WAF Logging fails

In conversations with many security teams, I've found a common frustration: relying on WAF access logs to secure their APIs and web apps. The unfortunate truth is that WAF logs don't work in practice. This post goes into detail about why.

WAFs don't protect against modern appsec threats

Guide To API Security Best Practices

Learn how to protect customer data and improve security posture with 8 essential API security best practices.

API Security Monitoring

Understand the best practices for monitoring your API, as well as some key features to look for when evaluating an API monitoring solution.

API Attacks

Learn how API attacks, such as Broken Object Level Authorization, can lead to unauthorized access to confidential data and how to protect against them.

API Gateway Security

Learn how to secure your API gateway with 8 best practices, from authenticating users to rate limiting and hardening your apps.

API Authentication Security Best Practices

Learn how to implement robust API authentication security measures with best practices and example solutions.

API Pentesting Methodology

Learn how to scope an API, address the top five attacks, and report and retest vulnerabilities during API penetration testing.

API Discovery

Learn how to discover, document, and manage APIs for organization owners and developers with this article on API discovery best practices.

OWASP Top 10 API

Learn how to prevent API security breaches with OWASP API Security Top 10 and implementing best practices for attack prevention.

Secure API Development

Explore a detailed guide to API development with security at its core, covering the entire SDLC. Gain insights into best practices and practical tips for comprehensive API protection.

API Security Solutions

Learn how to select a robust API security solution with features, best practices, and guidelines to ensure secure data exchange.

API Security Testing

Learn how to evaluate the security of an API and prevent common threats and vulnerabilities with twelve essential API security testing best practices.

API Security Tools

Learn how to use API security tools for offensive and defensive strategies, such as OWASP ZAP, Burp Suite, ffuf, Kiterunner, Postman, Swagger, and Im

API Security Strategy

Learn how to establish a comprehensive API security strategy, implement defense-in-depth, integrate security into development, and leverage advanced technologies for protection from API attacks.

API Security Tools

Learn about the importance of API security and the must-have features to consider when choosing an API security platform to safeguard against cyber attacks.

API Security Checklist

Learn how implementing robust authentication, data encryption, input validation, rate limiting, logging and monitoring, API documentation and versioning, and security testing can protect your APIs from cybercriminals.

How to Secure API

Learn 8 essential strategies for ensuring the security of your APIs, including adhering to the OWASP Top 10 API Checklist and implementing strong authentication mechanisms and continuous security monitoring.

GPSec

Atlanta, GA

June 25, 2026

In Person

Blackhat

Las Vegas, NV

August 4, 2026

In Person

OWASP Global AppSec USA

San Francisco, CA

November 2, 2026

In Person

Impart Product Update - Nov 2025

What Your WAF Misses: Denial of Inventory

What Your WAF Misses: Card Cracking

How Attackers Are Using AI to Outpace Defenses (Video)

GPSec

What Your WAF Misses: Carding

Filters

Safely test rate limit rules with Simulated Blocking

See what was blocked with blocking insights

Develop Firewall Rules Safely with Regression Testing

The Future of Appsec is APIs

Why WAF Logging fails

WAFs don't protect against modern appsec threats

Guide To API Security Best Practices

API Security Monitoring

API Attacks

API Gateway Security

API Authentication Security Best Practices

API Pentesting Methodology

API Discovery

OWASP Top 10 API

Secure API Development

API Security Solutions

API Security Testing

API Security Tools

API Security Strategy

API Security Tools

API Security Checklist

How to Secure API

GPSec

Blackhat

OWASP Global AppSec USA