← Cybersecurity Alphabet Soup

WAF

Web Application Firewall

appseceasy

A WAF sits in front of a web application and inspects HTTP traffic, blocking requests that match attack patterns like SQL injection or cross-site scripting. It protects applications in production, buying teams time to fix underlying vulnerabilities in code. A WAF is a compensating control rather than a cure, since determined attackers can often find bypasses for rule-based filtering.

Sources

More in appsec