David Holmes is the Thales | Imperva CTO for application security. Most recently he was a celebrated Forrester analyst for Zero Trust, SASE, DDoS and network security. In 2021, he awarded Imperva a Leader’s position in the Forrester Wave: DDoS Mitigation Solutions. Prior to Forrester, Holmes developed and sold appsec and bot management solutions. Holmes was a software developer for 25 years, starting with C and ending with Python, and still codes though not as often as he would like. Holmes has spoken at RSA (2021, 2019), RSA Europe (2014), the Australian CyberSecurity Conference (2018) and many regional conferences. Holmes studied Engineering Physics and Computer Science at the University of Colorado Boulder under the legendary professor Evi Nemeth.
When not in front of a computer, Holmes enjoys fly-fishing, American baseball, traveling and consuming craft beers.
Premiere: 4/15 12:00 - 12:30
Replays: 4/15 18:00 - 18:30, 4/16 00:00 - 00:30
API attacks have become an increasingly severe issue in the Asia-Pacific region, posing major security threats to enterprises. These include shadow APIs, challenges in implementing third-party APIs, lack of API management, business logic abuse, data breaches, and a significant shortage of API security expertise.
In this session, David Holmes, Chief Technology Officer for Application Security at Imperva (a Thales subsidiary) and former Forrester cybersecurity analyst, will provide an in-depth analysis of API attack trends based on the latest attack statistics from the Imperva Threat Research Team. The discussion will cover common API vulnerabilities, business logic attacks, and emerging AI-related threats. Additionally, it will highlight global threat indices, regional differences between the Asia-Pacific and other areas, and provide localized insights into Taiwan's threat landscape.
How can enterprises develop concrete and actionable security strategies to counter these threats? This talk will outline proactive and adaptive cybersecurity measures and share the latest advancements in modern application security protection technologies.