๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is WAF (Web Application Firewall)?

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

WAFs protect against OWASP Top 10 attacks: SQL injection, XSS, CSRF, and more. They inspect HTTP requests and responses, applying rules to detect and block malicious patterns. WAFs can be network-based, host-based, or cloud-based.

Popular WAFs include Cloudflare WAF, AWS WAF, ModSecurity (open-source), and Imperva. WAF rules include signature-based detection (known attack patterns), rate limiting, IP reputation, and bot detection. WAFs complement but do not replace secure coding practices.

Related Terms

SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
View All Security Terms โ†’