Skip to main content

Impart Resources

Product

Impart Product Update - Nov 2025

We’ve delivered a major round of upgrades across the Impart platform, introducing new AI Bot/MCP and LLM Protection dashboards, a refreshed and more intuitive App Experience, a high-performance Inspector v0.42.0 release, expanded Inspector Metrics for deeper operational visibility, and new SQLi and XSS version control, allowing teams to choose between Detection Version 1, Version 2, or always use the latest release. These updates make it easier than ever to understand AI-driven traffic, configure protections with clarity, manage detection behavior with precision, monitor system performance, and optimize your entire Impart deployment.

Read More
This is some text inside of a div block.
OWASP Deep Dive

What Your WAF Misses: Denial of Inventory

OWASP OAT-021 Denial of Inventory bots hold carts, seats, and reservations without ever buying. WAFs can't see the pattern. Here's why, and what closes the enforcement gap.

Read More
This is some text inside of a div block.
Blog

What Your WAF Misses: Card Cracking

Card cracking bots enumerate CVV codes through your payment flow, and your WAF can't see the processor response that makes the pattern legible. Here's what changes when enforcement moves inside the request path.

Read More
This is some text inside of a div block.
News

How Attackers Are Using AI to Outpace Defenses (Video)

Read More
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Events

GPSec

Atlanta, GA

June 25, 2026

Register
In Person

What Your WAF Misses: Carding

Carding tests thousands of stolen credit cards against your payment flow. Learn why WAFs struggle to stop it and why detection must move into the request path.

Read More
This is some text inside of a div block.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Filters

Clear all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

4 Key Takeaways from OWASP Global DC

After attending OWASP Global DC 2023, there are 4 key takeaways I want to share: (1) Events are back!

(2) AI is being used by everyone, but not well productized. Within the OWASP crowd, AI is viewed as a a "good enough" solution for many problems like static analysis of code. Surprisingly, privacy concerns were not as big of an issue as I thought they would be by practitioners on the ground—the perceived value and benefits people are getting from the tools is, so far, outweighing the perceived security risk of data leaking into public LLMs.

(3) Everyone is an ASPM now. (4) API Security is now a well-understood and accepted problem. Everyone I spoke with at this event knew what the problem was, and furthermore had already tried and failed to secure their APIs using existing solutions like SAST, DAST, and WAF.

Read More
Brian Joe
11.2.2023
Blog

The Next Generation of AppSec is Upon Us (Part 1 of 2)

Read More
Brian Joe
9.28.2023
Blog

Know Your Enemy, Know Yourself: Why WAFs can't protect your APIs

My initial take on API Security was that we could provide API security with a WAF. After all, API traffic is predominantly HTTP, just like a web application. I thought that all we needed to do to provide API security is to block bad API requests. It also didn’t hurt that I worked at a WAF vendor at the time.However, the more I spoke with customers and CISOs, the more I realized that this approach didn’t work. Our WAF had no way to answer the most basic API security questions I was being asked by customers...

Read More
Brian Joe
9.25.2023
Blog

Innovating with Our Security Advisory Board

Read More
Impart Security
7.10.2023
Blog

Shift Left, Shift Right, or Other?

Read More
Impart Security
6.14.2023
Blog

Thoughts on The New 2023 OWASP API Security Top 10 Release

Read More
Impart Security
6.7.2023
Blog
API Security Guide

Guide To API Security Best Practices

Learn how to protect customer data and improve security posture with 8 essential API security best practices.

9.1.2023
Read More
API Security Guide

API Security Monitoring

Understand the best practices for monitoring your API, as well as some key features to look for when evaluating an API monitoring solution.

3.18.2024
Read More
API Security Guide

API Attacks

Learn how API attacks, such as Broken Object Level Authorization, can lead to unauthorized access to confidential data and how to protect against them.

3.18.2024
Read More
API Security Guide

API Gateway Security

Learn how to secure your API gateway with 8 best practices, from authenticating users to rate limiting and hardening your apps.

3.18.2024
Read More
API Security Guide

API Authentication Security Best Practices

Learn how to implement robust API authentication security measures with best practices and example solutions.

3.18.2024
Read More
API Security Guide

API Pentesting Methodology

Learn how to scope an API, address the top five attacks, and report and retest vulnerabilities during API penetration testing.

3.18.2024
Read More
API Security Guide

API Discovery

Learn how to discover, document, and manage APIs for organization owners and developers with this article on API discovery best practices.

3.18.2024
Read More
API Security Guide

OWASP Top 10 API

Learn how to prevent API security breaches with OWASP API Security Top 10 and implementing best practices for attack prevention.

3.18.2024
Read More
API Security Guide

Secure API Development

Explore a detailed guide to API development with security at its core, covering the entire SDLC. Gain insights into best practices and practical tips for comprehensive API protection.

3.18.2024
Read More
API Security Guide

API Security Solutions

Learn how to select a robust API security solution with features, best practices, and guidelines to ensure secure data exchange.

3.20.2024
Read More
API Security Guide

API Security Testing

Learn how to evaluate the security of an API and prevent common threats and vulnerabilities with twelve essential API security testing best practices.

5.28.2024
Read More
API Security Guide

API Security Tools

Learn how to use API security tools for offensive and defensive strategies, such as OWASP ZAP, Burp Suite, ffuf, Kiterunner, Postman, Swagger, and Im

5.28.2024
Read More
API Security Strategy Guide

API Security Strategy

Learn how to establish a comprehensive API security strategy, implement defense-in-depth, integrate security into development, and leverage advanced technologies for protection from API attacks.

Read More
4.29.2024
API Security Strategy Guide

API Security Tools

Learn about the importance of API security and the must-have features to consider when choosing an API security platform to safeguard against cyber attacks.

Read More
4.30.2024
API Security Strategy Guide

API Security Checklist

Learn how implementing robust authentication, data encryption, input validation, rate limiting, logging and monitoring, API documentation and versioning, and security testing can protect your APIs from cybercriminals.

Read More
4.30.2024
API Security Strategy Guide

How to Secure API

Learn 8 essential strategies for ensuring the security of your APIs, including adhering to the OWASP Top 10 API Checklist and implementing strong authentication mechanisms and continuous security monitoring.

Read More
4.30.2024
Events

GPSec

Atlanta, GA

June 25, 2026

Register
In Person
6.25.2026
Events

Blackhat

Las Vegas, NV

August 4, 2026

Register
In Person
8.4.2026
Events

OWASP Global AppSec USA

San Francisco, CA

November 2, 2026

Register
In Person
11.2.2026