Name: Cracking the Code: Defending APIs from Business Logic Attacks
Start: 2023-09-20T17:00:00Z
End: 2023-09-20T17:01:00.000Z
Location: BrightTALK
Rating: 4.9

Imperva is a leading provider of cyber security solutions that protect business-critical data and applications in the cloud and on-premises.

With 80-90% of data being unstructured and created in the cloud , Data Security Posture Management (DSPM) is becoming essential for organizations to understand what data they have, what the risks are to their sensitive data, and understand the journey data takes in their business environment. While this initial visibility and understanding about data and data risks are valuable, it's what comes next that helps you to achieve an outcome for a particular use case. 

Join our featured speakers, Todd Moore, Thales VP of Data Security, and featured speaker Heidi Shey, principal analyst, Forrester, as they discuss how organizations must evaluate automated data security technologies like data security posture management to track and protect data throughout its life cycle.

Attendees will learn:
• Where to look for security gaps in your organization’s current data protection strategy
• Which data security use cases should be prioritized for successful DSPM adoption
• Why DSPM needs to go beyond cloud-centric visibility and native controls
• How artificial intelligence (AI) and post-quantum cryptography (PQC) will impact your data security strategy.
• Plus, Todd Moore will share how Thales can help your team and organization proactively protect your most critical data and prioritize risk mitigation.

Whether you are planning a deployment or refining your current data security strategy, you’ll gain actionable steps to drive better security outcomes and maximize value.

From Visibility to Value: Leveraging DSPM to Safeguard the Data Lifecycle

The holiday shopping season brings record traffic, but also record cyberattacks. From DDoS disruptions and API abuse to credential stuffing, scalper bots, and account takeovers, online retailers are prime targets during peak demand.

Discover how an integrated, automated approach to application security helps you maintain uptime, safeguard data, and deliver a smooth, and secure shopping experience at scale, even when the queues are virtual.

Join Alex Bakshtein, Global Solution Architect, Cybersecurity & Digital Identity (Thales), to explore how Thales Imperva’s Application Security Platform, which combines Web Application Firewall (WAF), Advanced Bot Protection, Account Takeover Protection, API Security, DDoS Mitigation, and Waiting Room capabilities, and how they help retailers protect performance, availability, and customer trust when it matters most.

Key Takeaways

1. Defend against malicious bots: Learn how Advanced Bot Protection stops scalpers, credential stuffers, and loyalty fraud attacks before they impact your customers.
2. Secure your APIs end-to-end: Understand how API discovery and protection prevent data exposure, abuse, and shadow API risks across retail ecosystems.
3. Stay resilient under DDoS pressure: See how Imperva’s layered defenses keep your sites fast, available, and customer-ready during traffic surges.

All WAAPed Up for the Holidays: Keeping Retail Websites Fast, Secure & Fraud-Free

Data security has shifted from being a bit-part player among a broader cybersecurity discussion to become a standalone discipline, assuming its logical place as the foundation of a wider, multi-tier cybersecurity posture. When organizations can map out and understand their data landscape, they are more confident in their security measures to defend it and reduce the risk of non-compliance —resulting in significant sanctions or penalties from regulators.
In 2026, data security is projected to be the most critical aspect of a digital asset strategy. Data security posture management (DSPM) can provide a firm foundation as your organization builds out transformation projects, including AI and Quantum. 

Join our speakers as we discuss Omdia’s assessment of the DSPM market, qualified vendors, and real-world use cases, including:
• How Omdia defines DSPM into two capability areas: data security and posture management.
• Why AI and quantum introduce new complexities to IT and the DSPM infrastructure.
• What to look for when selecting a vendor.
• How Thales can help build customer-centric business value.

DSPM at a Turning Point: 2026 Outlook for Data Security Posture Management

A Deep Dive into Automated Attacks on the Travel Industry Over the Holidays—And How to Protect Your Apps, APIs, and Booking Platforms Before Peak Season Returns

While travelers were booking flights, hotels, and rental cars this summer, bots were checking into your digital platforms—scraping prices, hoarding inventory, hijacking loyalty accounts, and wreaking havoc on revenue and performance.
Join our expert team as we unpack the latest bot activity observed across the travel industry this summer—from airlines to booking engines to hotel and car rental platforms. We’ll expose the evolving tactics attackers use to hijack inventory, scrape pricing data, and commit fraud—and show you how to fortify your defenses before the next travel surge.
With bots now making up the majority of traffic in the travel sector, this webinar is your opportunity to get ahead of the threat before the end-of-year holiday season begins.

In This Webinar, You’ll Learn:
• The top bot attack trends targeting travel websites this summer—and how attackers exploited seasonal demand across flights, hotels, and rental platforms.
• How automated threats impact revenue and customer experience—including price scraping, loyalty fraud, seat spinning, fake bookings, and more.
• Why bots love APIs—and how attackers are abusing them to mimic human behavior and bypass detection.
• The role of AI in modern bot attacks, from CAPTCHA-solving to dynamic response tactics, making even basic attacks harder to stop.
• Industry-specific mitigation strategies you can implement now to protect applications, APIs, and inventory ahead of peak holiday traffic.

Bots on Vacation? Think Again - While Your Customers Checked Out This Summer, Bad Bots checked-in.

Bots are now in control of the internet – literally. In 2025, bad bots are smarter, faster, and harder to detect, thanks to AI. For the first time in over a decade, automated traffic has surpassed human activity online. Even more alarming? Over a third of that traffic is malicious. 
Join us for an inside look at the latest findings from the 2025 Bad Bot Report for the APAC region. You’ll get exclusive insights into how attackers are using automation to scale their efforts, and what your organization must do to fight back. 
• Why bad bot traffic now exceeds human traffic—and how that impacts your risk profile 
• How attackers are using AI to launch faster, stealthier, more damaging threats 
• Proven strategies and tools to detect and block bad bots in real time with use cases 
Bad bots are advancing: It’s time your defenses did too.

Staying Ahead in 2025: Defending Against Malicious Bot Attacks in APAC

In recent years, the rise of API attacks has become a pressing concern across the Asia-Pacific region, with reports indicating a significant uptick in incidents targeting APIs. Organizations are grappling with the complexities of API security, reflecting a broader trend seen across APAC where APIs account for a staggering 71% of web traffic. As APIs continue to be integral to application modernization and seamless connectivity, understanding the associated risks has never been more critical.

The extensive use of APIs is expanding the attack surface, leading to significant security challenges for organizations. Key threats include Shadow APIs, third-party API implementations, API governance issues, business logic abuse, data leakage, and a notable shortage of API security expertise.

Join us for an insightful session where our experts will uncover the following: 
• The latest attack statistics from Imperva Threat Research group
• API vulnerabilities, business logic attacks, and AI-related threats
• Regional statistics diverging from the global threat index
• The financial impact of API attacks using a model based on over 150,000 cybersecurity claims
• OWASP Top 10 for LLM Applications 2025 updates
• Insights into the current state of technology within the defender’s application security stack
• Actionable recommendations with use cases

Stay ahead of the evolving API threats—reserve your spot today and protect your business now.

The Evolving API Threat Landscape: What IT Leaders Need to Know

Bots are now in control of the internet—literally. In 2025, bad bots are smarter, faster, 
and harder to detect, thanks to AI. For the first time in over a decade, automated traffic 
has surpassed human activity online. Even more alarming? Over a third of that traffic 
is malicious.

Join Imperva’s cybersecurity experts for an inside look at the latest findings from the 
2025 Bad Bot Report. You’ll get exclusive insights into how attackers are using automation to scale their efforts, and what your organization must do to fight back.

• Why bad bot traffic now exceeds human traffic—and how that impacts your risk profile

• How attackers are using AI to launch faster, stealthier, more damaging threats

• Proven strategies and tools to detect and block bad bots in real time

Bad bots are advancing: It’s time your defenses did too.

Bad Bots in 2025: The Growing Business Risk You Can’t Ignore

It started with a forgotten API key.  

A fast-growing company launched a new mobile app—sleek design, flawless UX. But buried in the backend was a hardcoded API key accidentally pushed to a public repo. Within days, attackers exploited the key to exfiltrate customer data and disrupt operations. The breach was traced not to a firewall failure, but to a secrets management oversight and unmonitored APIs. 

This scenario isn’t rare—it’s the new normal. As businesses race to deliver seamless digital experiences, APIs are becoming the backbone of digital transformation—and secrets like API keys, credentials, and certificates are the keys to your kingdom. As organizations expand their digital ecosystems, the risks associated with exposed or mismanaged secrets and insecure APIs have grown exponentially. 

Join us for an insightful webinar where experts from Thales and Imperva will explore how integrating Thales CipherTrust Secrets Management with Imperva API Security delivers a powerful, layered defense strategy. You’ll learn how this combined solution helps organizations: 

* Protect sensitive secrets across hybrid and multi-cloud environments 
* Discover and secure all APIs—including shadow and zombie APIs 
* Enforce least privilege and Zero Trust access controls 
* Achieve visibility, compliance, and continuous risk reduction 

Whether you're a security architect, DevOps lead, or compliance officer, this session will equip you with practical insights to better secure your APIs and manage secrets at scale. 

Register now and learn how to prevent the breach before it happens.

Comprehensive Guide to Protecting Secrets and APIs

APIs power modern applications but are prime targets for OWASP API Security Top 10 threats like Broken Object Level Authorization (BOLA). Organizations need a proactive approach to detect and mitigate these evolving risks.

Join us to discover how Imperva is reinventing API security with:

• Unlimited API Discovery – Gain full visibility into shadow, zombie, and high-risk APIs, with a highlight on the new cloud WAF add-on
• Real-Time Threat Protection – Detect and mitigate business logic attacks in real-time before damage occurs
• Key Findings from Imperva’s 2025 Bad Bot Report – How bots exploit APIs to target businesses

Don’t miss this exclusive deep dive into the next generation of API security!

Transform API Security with Unmatched Discovery and Defense

PCI DSS 4.0 is bringing major changes to cybersecurity, requiring stronger authentication, enhanced encryption, and new protections against payment data theft from web browsers. Is your organization ready?

Join Lynn Marks, Sr. Product Manager, for a live demo of Imperva’s latest Client-Side Protection features—designed to help you streamline compliance with requirements 6.4.3 and 11.6.1. Plus, get an exclusive sneak peek at what’s coming next. Don’t miss this chance to stay ahead of evolving security standards! 

Here are some highlights from this must-attend session:
• Live Demo: See Imperva’s Client-Side Protection in action and how it safeguards payment data from browser-based threats

• Simplifying Compliance: Learn how to meet PCI DSS 4.0 requirements (6.4.3 and 11.6.1) and confidently communicate compliance to auditors

• Client-Side Protection Roadmap 2025: Get an exclusive look at upcoming features and enhancements designed to strengthen security and streamline compliance

Beyond PCI DSS 4.0: Securing the Client-Side for 2025

Next month will mark a pivotal moment in cybersecurity, as PCI DSS 4.0 introduces requirements to combat payment data theft from web browsers. Don't be caught off guard – join our cybersecurity experts and prepare your online organization to thrive in the PCI DSS 4.0 era.

Here’s a few of the topics we’ll cover:
• A look into PCI DSS 4.0's new client-side security paradigm
• Find out how requirements (6.4.3 & 11.6.1) safeguard against fraud and breaches
• Busting compliance obligation myths to ensure regulatory adherence

PCI DSS 4.0 - the New Client-Side Security Frontier

Overburdened security teams are constantly weighing the need for robust cybersecurity that doesn’t create an operational burden. Most often, however, teams are forced to sacrifice one for the other. Looking at your return on security investment (ROSI) can help you understand how to best manage these competing requirements for your environment and available resources.

Join our speakers, David Holmes, CTO of Application Security at Imperva and a former Forrester principal analyst, and David Ellis, Vice President of Research at SecureIQLab and author of the SecureIQLab 2024 WAAP Comparative Report, for an expert discussion on:

• Effectively evaluating tradeoffs between security efficacy and operational efficiency for your organization
• Calculating and utilizing a return on security investment metric to secure budget and influence your executive leadership
• Identifying tradeoff traps

Elevate your Security Posture by Balancing Effectiveness and Efficiency

The cybersecurity landscape is evolving rapidly, and 2025 is set to bring unprecedented challenges. From advanced threats to shifting technological and political landscapes, staying ahead has never been more critical.

Join our leading security experts, David Holmes and Terry Ray, as they reveal the biggest cybersecurity trends shaping the future. Here’s a few of their key insights:

• API security: From niche to necessity
• Critical infrastructure: Battling escalating threats
• Open-source software: New vulnerabilities on the horizon
• AI-driven breaches: How generative AI is changing the game

Unveiling the Cybersecurity Trends for 2025

As digital transformation, the cyber landscape, and regulatory pressures continue to evolve rapidly, data security is emerging as a top priority for organizations seeking integrated platforms to meet their broader cybersecurity needs now and as part of their future strategy. 
In this session, Adam Strange will present research findings from Omdia’s Decision Maker Survey 2024, which gathered responses from over 950 IT security professionals regarding their cyber security concerns. Terry Ray, Field VP and CTO of Data Security, will discuss how Thales Data Security solutions are addressing these critical issues, enhancing organizations' overall security posture, and providing better protection against potential threats.
Webinar will cover:
• Key trends shaping the future of data security
• The role of Data Security Posture Management capabilities within a broader data security strategy
• Outlook and growing adoption of integrated data security platforms
• Thales Data Security solutions

2025 Outlook for Data Security

In a world where AI-driven threats are evolving at an alarming pace, we face adversaries who can easily surpass conventional defenses. Reacting to incidents is no longer enough; now is the time to take charge of your data environment. But how do we make that leap? The answer lies in gaining deep visibility into our operations.

Understanding your unique risk profile and pinpointing and prioritizing the top vulnerabilities in your environment, and remediating them is not just about meeting compliance — it's essential for bolstering your defenses and maximizing your limited resources.

How Organizations are Evolving to Improve Their Risk Posture

$186B annually. That’s the global cost of API insecurity and bot attacks to businesses. In a groundbreaking study, Imperva partnered with the Marsh McLennan Cyber Risk Intelligence Center to analyze over 161,000 cybersecurity incidents, revealing the true cost of API insecurity and bot-driven threats. 

Join our experts as they dive into alarming insights uncovered in this recent study. Gain actionable intelligence, protect your organization and reduce exposure to these ever-evolving digital threats.

Key highlights include:
• Growing financial risks of API and bot-related attacks
• Prevalence of API and bot attacks by company size
• How to develop proactive and adaptive cybersecurity measures

The True Cost of API Insecurity and Bot Attacks in 2024

APIs have become the backbone of innovation but they have inadvertently created a wider attack surface for cybercriminals.

Without proper security checks, APIs become playgrounds for attackers. Join us as we uncover a growing, hidden danger: business logic abuse.

Some topics we’ll cover:

• How deep discovery and machine learning can provide full API visibility and monitoring
• How to safeguard your most vulnerable APIs, to minimize business logic abuse
• Essential tools needed for evaluating and mitigating Broken Object Level Authorization (BOLA) risk per current IDOR regulatory guidelines
• Full-stack API Security solution vs. pure-play API Security

Cracking the Code: Defending APIs from Business Logic Attacks

API Security

BOLA

IDOR

Application Security

Business Logic Attacks

Cybersecurity

APIs

Digital Transformation

Machine Learning

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Cracking the Code: Defending APIs from Business Logic Attacks

Presented by

About this talk

Imperva