Security Intermediate

What is WAF (Web Application Firewall)?

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

WAFs protect against OWASP Top 10 attacks: SQL injection, XSS, CSRF, and more. They inspect HTTP requests and responses, applying rules to detect and block malicious patterns. WAFs can be network-based, host-based, or cloud-based.

Popular WAFs include Cloudflare WAF, AWS WAF, ModSecurity (open-source), and Imperva. WAF rules include signature-based detection (known attack patterns), rate limiting, IP reputation, and bot detection. WAFs complement but do not replace secure coding practices.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

RBAC (Role-Based Access Control)

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

Security Hardening

The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.

Input Validation

The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.

A technique that controls the number of requests a client can make to a server within a specified time period.

CSRF (Cross-Site Request Forgery)

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.

View All Security Terms →