My Journey To CTO for Imperva App Sec
I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in ... Read More
Healthcare CAPTCHA: The Cure that’s Worse than the Disease
A healthcare insurer was forced to use a CAPTCHA. 70% of their aged patients could no longer refill their prescriptions. It was a complete disaster ... Read More
10 Questions to Ask a Bot-Mitigation Vendor
You figured out that you have a bot problem. Maybe you have a high account takeover (ATO) rate, or someone’s cracking all your gift cards, or scraping your site. You tried to handle it yourself with IP blacklists, geo-fencing, and dreaded CAPTCHAs, but it became an endless battle as the ... Read More
On The Launch of Shape Connect
The war against "fake" begins today, with the launch of Shape Connect ... Read More
Do You Need a WAF, or Something Better than a WAF?
“The king is dead! Long live the king!” The jarring conflict embodied in this timeless hoorah is about to apply to the application security space. Subjects are giving up on the old king—the web application firewall (WAF) technology—as their primary appsec tool, for several reasons. First, because WAFs are too ... Read More
5 Rando Stats from Watching eCrime All Day Every Day
David Holmes here, cub reporter for Shape Security. While I’m luxuriating in United Airlines steerage class, our crack SOC team is back at HQ slaving away over their dashboards as tidal waves of automated traffic crash against the Shape breakers. At least they have Nespresso and those convenient eggs-in-a-bag from ... Read More
Lessons Learned from 2018 Holiday Attacks: No Rest for the Wicked
Scrooge would approve—attackers work on Christmas Eve, and now on New Year’s Eve, too We at Shape Security defend the world’s top banking, retail, and travel websites. And while you might be just getting back to work this first full week of January, our attack forensics teams are finally getting ... Read More
Extreme Cybersecurity Predictions for 2019
Prediction blogs are fun but also kind of dangerous because we’re putting in writing educated guesses that may never come true and then we look, um, wrong. Also dangerous because if we’re going to get any airtime at all, we have to really push the boundary of incredulity. So here ... Read More
The Best of Shape Security 2018
Focus on the Good Things There are already too many blogs focusing on the bad things that happened this year. Focusing on the bad things in life makes you miss the good things. For example, reading through the reviews of all 61 “worst movies of 2018” took us would take ... Read More