The 2025 WAF Wave from the Other Side
Forrester just published its 2025 Web application Firewall Wave. As a former industry analyst, and as a contributor on the vendor side for Imperva (cough, a leader in the report, cough), let me share some reactions on the shape of this report. The Center of the Universe The first top ... Read More
How Imperva Infused AI Throughout Research and Development
The Age of AI Is Upon Us The current pace of technological change beggars’ belief. Generative Artificial Intelligence (GenAI), released to the world a mere two years ago, promises to eliminate much of the tedium of the digital world. Software engineers around the world are already using it to speed ... Read More
Imperva’s Wildest 2025 AppSec Predictions
Humans are spectacularly bad at predicting the future. Which is why, when someone appears to be able to do it on a regular basis, they are hailed as visionaries, luminaries and celebrated with cool names like Nostradamus and The Amazing Kreskin. Nostradamus made his fame on predictions about the distant ... Read More
My Journey To CTO for Imperva App Sec
I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in ... Read More
Healthcare CAPTCHA: The Cure that’s Worse than the Disease
A healthcare insurer was forced to use a CAPTCHA. 70% of their aged patients could no longer refill their prescriptions. It was a complete disaster ... Read More
10 Questions to Ask a Bot-Mitigation Vendor
You figured out that you have a bot problem. Maybe you have a high account takeover (ATO) rate, or someone’s cracking all your gift cards, or scraping your site. You tried to handle it yourself with IP blacklists, geo-fencing, and dreaded CAPTCHAs, but it became an endless battle as the ... Read More
On The Launch of Shape Connect
The war against "fake" begins today, with the launch of Shape Connect ... Read More
Do You Need a WAF, or Something Better than a WAF?
“The king is dead! Long live the king!” The jarring conflict embodied in this timeless hoorah is about to apply to the application security space. Subjects are giving up on the old king—the web application firewall (WAF) technology—as their primary appsec tool, for several reasons. First, because WAFs are too ... Read More
5 Rando Stats from Watching eCrime All Day Every Day
David Holmes here, cub reporter for Shape Security. While I’m luxuriating in United Airlines steerage class, our crack SOC team is back at HQ slaving away over their dashboards as tidal waves of automated traffic crash against the Shape breakers. At least they have Nespresso and those convenient eggs-in-a-bag from ... Read More
Lessons Learned from 2018 Holiday Attacks: No Rest for the Wicked
Scrooge would approve—attackers work on Christmas Eve, and now on New Year’s Eve, too We at Shape Security defend the world’s top banking, retail, and travel websites. And while you might be just getting back to work this first full week of January, our attack forensics teams are finally getting ... Read More
