WAF (Web Application Firewall)

Definition: A firewall that monitors, filters, or blocks HTTP traffic to and from a web application.

A web application firewall is a security solution specifically designed to protect web applications by filtering and monitoring HTTP traffic between the application and the internet. WAFs defend against attacks targeting web application vulnerabilities such as SQL injection, cross-site scripting, and other OWASP Top 10 threats, applying both positive and negative security models to identify and block malicious traffic. WAF technologies are referenced in standards like PCI DSS 6.6, NIST SP 800-41, and various application security frameworks. Organizations implement WAFs through cloud services, dedicated appliances, integrated services, or host-based solutions.

For example, a financial services company might deploy a multi-layered WAF strategy including cloud WAF services protecting public-facing applications from volumetric attacks, on-premises WAF appliances with custom rules tailored to their specific applications, API gateway protection for their services, and integration with their security monitoring to provide visibility into application layer attacks, while continuously updating rule sets based on emerging threats.

Related terms: Application security, Application layer firewall, API security, HTTP filtering, OWASP Top 10, SQL injection, XSS protection, Bot protection, Layer 7 security, Input validation, DDoS protection.
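
The positive and negative security models named in the definition, shown side by side as an added example (not from the original page or any WAF product). The endpoints, parameter rules and signatures are constructed assumptions for a hypothetical application and are far smaller than a production rule set.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: block what matches a known-bad signature (constructed, minimal).
DENY_SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?1'?\s*=\s*'?1"),
    "xss": re.compile(r"(?i)<\s*script\b|\bon\w+\s*="),
}

# Positive model: allow only what each endpoint is known to accept.
# Paths, methods and parameter formats are hypothetical.
ALLOW_POLICY = {
    "/account": {"methods": {"GET"}, "params": {"id": re.compile(r"\d{1,10}")}},
    "/search": {"methods": {"GET"}, "params": {"q": re.compile(r"[\w \-]{1,64}")}},
}

def negative_check(url):
    """Return the name of the first signature hit on a decoded value, else None."""
    # parse_qsl percent-decodes, so signatures see the value the application would see.
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for name, signature in DENY_SIGNATURES.items():
            if signature.search(value):
                return name
    return None

def positive_check(method, url):
    """Return a reason if the request falls outside the allow policy, else None."""
    parts = urlsplit(url)
    policy = ALLOW_POLICY.get(parts.path)
    if policy is None:
        return "unknown path"
    if method not in policy["methods"]:
        return "method not allowed"
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        pattern = policy["params"].get(key)
        if pattern is None:
            return f"unexpected parameter {key}"
        if not pattern.fullmatch(value):
            return f"bad value for {key}"
    return None

def evaluate(method, url):
    """Apply both models; return (verdict, reason) so the reason can be logged."""
    hit = negative_check(url)
    if hit:
        return ("block", f"negative:{hit}")
    reason = positive_check(method, url)
    if reason:
        return ("block", f"positive:{reason}")
    return ("allow", "")
```

A request such as `GET /account?id=42&debug=true` matches no signature, so only the positive model rejects it; that gap is why the two models are combined.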