Impart WAF is a web application firewall designed for engineering teams with a focus on modern developer experience. The platform provides protection against OWASP Top 10 threats including SQL injection and cross-site scripting attacks. The WAF enables targeting attackers by multiple attributes beyond IP addresses, including API tokens, authorization headers, and session cookies. It includes account takeover detection capabilities covering credential stuffing, password spraying, and enumeration attacks. The system identifies weak authentication and authorization at the JWT or API key level to prevent business logic abuse. Rules can be customized using AssemblyScript and managed through Runtime Rule Graphs, which allow security teams to drag and drop basic detections into complex policies. Dependencies can be managed with Rule Graphs and rules can be regression tested before deployment. The platform supports infrastructure-as-code tools like Terraform for versioning and management at scale. The system automatically surfaces normal traffic patterns that trigger false positive detections and enables creation of granular exceptions. It provides detection capabilities that go beyond basic volumetric IP rate limits to identify parameter enumeration attempts across multiple IP addresses. The platform integrates into development workflows and is designed to be deployed in blocking mode in production environments.