๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is WAF (Web Application Firewall)?

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

WAFs protect against OWASP Top 10 attacks: SQL injection, XSS, CSRF, and more. They inspect HTTP requests and responses, applying rules to detect and block malicious patterns. WAFs can be network-based, host-based, or cloud-based.

Popular WAFs include Cloudflare WAF, AWS WAF, ModSecurity (open-source), and Imperva. WAF rules include signature-based detection (known attack patterns), rate limiting, IP reputation, and bot detection. WAFs complement but do not replace secure coding practices.

Related Terms

CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Webhook Signature Verification
A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.
View All Security Terms โ†’