Security Intermediate

What is WAF (Web Application Firewall)?

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

WAFs protect against OWASP Top 10 attacks: SQL injection, XSS, CSRF, and more. They inspect HTTP requests and responses, applying rules to detect and block malicious patterns. WAFs can be network-based, host-based, or cloud-based.

Popular WAFs include Cloudflare WAF, AWS WAF, ModSecurity (open-source), and Imperva. WAF rules include signature-based detection (known attack patterns), rate limiting, IP reputation, and bot detection. WAFs complement but do not replace secure coding practices.

Automated analysis of source code to find security vulnerabilities without executing the application.

Two-Factor Authentication (2FA)

A security method requiring two different forms of identification before granting access to an account.

Certificate Pinning

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

DAST (Dynamic Application Security Testing)

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

CSRF (Cross-Site Request Forgery)

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

Principle of Least Privilege

A security principle where users and programs receive only the minimum access rights needed to perform their specific tasks.

View All Security Terms →