Official logo for HUMAN Security

HUMAN Security

by HUMAN Security, Inc.

4.2
WAFPlanet Rating

Advanced bot management and fraud prevention platform combining technologies from HUMAN (formerly White Ops) and PerimeterX.

Visit Website Documentation View Pricing
Company: HUMAN Security, Inc.
Pricing: Custom enterprise pricing
Founded: 2012

Overview

HUMAN Security, formerly White Ops (founded 2012, New York), is a bot-management and fraud-prevention platform. It stops automated abuse like credential stuffing, account takeover, carding, scraping, and scalping, using behavioral analysis, machine learning, and a large global decision network to tell genuine humans from sophisticated bots.

The flagship HUMAN Bot Defender leads the Application Protection line, alongside Code Defender and Account Defender, much of it from the 2022 PerimeterX merger. It is not a classic OWASP WAF; it targets automated, bot-driven threats and runs alongside a traditional WAF rather than replacing its OWASP Top 10 protection.

HUMAN is enterprise-focused, serving e-commerce, ad-tech, and other high-traffic firms facing large-scale automation and fraud. It deploys through enforcers, connectors, and SDKs integrating with leading CDNs and servers (Cloudflare, Fastly, Akamai, AWS CloudFront, Nginx, Apache), plus mobile and API coverage. Pricing is quote-based, with self-service and managed delivery, so it suits enterprises rather than small sites needing only basic WAF rules.

Ratings Breakdown

Ease of Use 3.5/5
Value for Money 3.3/5
Customer Support 4.0/5
Features 4.5/5

Key Features

Behavioral Analysis

Advanced behavioral detection using client-side signals and server-side analysis.

Human Verification

Proprietary technology to verify whether interactions are from humans or bots.

Account Protection

Prevent account takeover, credential stuffing, and fake account creation.

Pros & Cons

Pros

  • Best-in-class bot detection

    Industry-leading bot detection combining multiple acquired technologies.

  • Broad integration support

    Works with all major CDN and web server platforms.

  • Comprehensive fraud prevention

    Goes beyond WAF to cover ad fraud, account fraud, and transaction abuse.

Cons

  • Not a traditional WAF

    Focused on bot management; does not replace a full WAF for OWASP threats.

  • Enterprise-only pricing

    Not accessible for small businesses or individual developers.

Pricing

Pricing model: Custom enterprise pricing

Enterprise

Custom pricing

Full bot defense and fraud prevention

  • Bot detection and mitigation
  • Account fraud prevention
  • Ad fraud protection
  • Behavioral analysis
  • Global sensor network

Our Verdict

HUMAN Security is the market leader in bot management, combining technologies from multiple acquisitions into a comprehensive platform. While not a traditional WAF, it provides critical protection against automated threats.

Our verdict: The top choice for enterprises needing advanced bot management and fraud prevention.

CVE Coverage

HUMAN Security can detect and block attacks matching 105K+ known CVEs based on its supported rule sets.

13K+
Critical
25K+
High
44K+
Medium
1.7K+
Low

Coverage by Attack Type

Cross-Site Scripting (XSS) High
45K+ CVEs
SQL Injection High
19K+ CVEs
Improper Input Validation Medium
12K+ CVEs
Path Traversal High
9.1K+ CVEs
Code Injection Medium
6.5K+ CVEs
OS Command Injection High
5.9K+ CVEs
Unrestricted File Upload Medium
4.1K+ CVEs
Command Injection High
3.6K+ CVEs
Open Redirect Medium
1.5K+ CVEs
XML External Entity (XXE) High
1.2K+ CVEs

Latest Blockable CVEs

CVE Severity
CVE-2026-49294 UNKNOWN
CVE-2026-20262 MEDIUM
CVE-2026-9863 UNKNOWN
CVE-2026-9862 UNKNOWN
CVE-2025-15659 UNKNOWN
CVE-2025-15658 UNKNOWN
CVE-2026-52704 UNKNOWN
CVE-2019-25746 HIGH
CVE-2018-25436 CRITICAL
CVE-2016-20084 HIGH
Browse all CVEs →

Frequently Asked Questions

Is HUMAN Security a WAF or a bot manager?

HUMAN Security is primarily a bot-management and fraud-prevention platform, not a classic OWASP WAF. Its flagship HUMAN Bot Defender stops automated threats such as credential stuffing, account takeover, carding, scraping, and scalping. For general application-layer protection (SQL injection, XSS, OWASP Top 10), you would typically run a dedicated WAF alongside it rather than replace one.

What is HUMAN's relationship to PerimeterX?

HUMAN Security (formerly White Ops, founded 2012) merged with PerimeterX on July 27, 2022. PerimeterX's products, including Bot Defender, Code Defender, and Account Defender, now form the core of HUMAN's Application Protection line. If you previously used PerimeterX, you are now a HUMAN customer.

Did HUMAN acquire Distil Networks?

No. Distil Networks was acquired by Imperva in June 2019 and its technology lives within Imperva's bot management. HUMAN's bot defense comes from its own White Ops origins plus the PerimeterX merger, not from Distil.

How much does HUMAN Bot Defender cost?

HUMAN does not publish a price list. Pricing is quote-based and generally scales with traffic or request volume, available on request. It is positioned for enterprise budgets, though both self-service and fully managed (white-glove) delivery options are offered.

Who is HUMAN Security best for, and how is it deployed?

It suits large enterprises, e-commerce, and ad-tech firms facing sophisticated, high-volume automated attacks. Deployment is via enforcers and connectors and SDKs that integrate with major CDNs and servers (for example Cloudflare, Fastly, Akamai, AWS CloudFront, Nginx, Apache) plus mobile and API coverage. It is generally overkill, and over budget, for small sites needing only basic WAF protection.

Ready to try HUMAN Security?

Visit the website to learn more or request a demo.

Visit Website View Pricing