Web Application Firewalls (WAF) have been around for quite some time to protect web applications through the inspection of HTTP traffic(Web Application Firewall waf). Traditionally WAFs were used within organizations on-premises to protect both internal intranets and externally facing internet web applications. Over time organizations have grown to depend on web applications for doing business with business partners and customers, making it business-critical to maintain and protect a web application.
Since the beginning, WAFs provided protection against a list of common types of web attacks such as SQL injection and cross-site scripting using pattern matching techniques against the HTTP traffic. As the list of attack types continued to grow, the Open Web Application Security Project (OWASP) provided some insight into the most critical security risks to web applications in an effort to give web developers guidance on minimizing these risks. WAFs also provide a level of protection against connection-based Distributed Denial-of-Service (DDoS) attacks that try to overwhelm or disrupt normal traffic to web-based services.
A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application. A WAF can be either network-based, host-based or cloud-based and is often deployed through a reverse proxy and placed in front of one or more websites or applications.
Actionable intelligence with real-time threat data, drill down and risk scoring, eliminating the need for complex workflows between products. Monitors all security events identified on cloud-based and on-premises deployments.