What is a Web Application Firewall (WAF)?
A Web Application Firewall (WAF) typically exists as a software component, cloud solution, or hardware-based appliance that helps protect web applications. A Web Application Firewall monitors and filters the traffic between a web application and the Internet. It can be used to protect web applications from Cross-Site Request Forgery, Cross-Site Scripting, and SQL Injection-based attacks, among others. A Web Application Firewall is not designed to defend against all types of threats; rather, it is usually one of a group of tools that together protect against a range of attack vectors.
A Web Application Firewall operates using a combination of rule-based logic, parsing, and signatures to detect and prevent attacks. These rules and signatures protect the web application by filtering out malicious traffic. One of the critical benefits of a WAF is the speed and usability of its policy management: administrators can make changes on the fly with minimal impact on the protected web application or its environment.
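The combination of parsing, signatures and rule-based logic described above can be sketched as a small request inspector. This is an added example, not code from the original page or from any WAF product; the signatures, rule ids, the normalize and inspect names, the sample requests and the shop.example origin are all assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Illustrative signatures only (assumed); real rule sets are far larger and tuned.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("xss", re.compile(r"(?i)<\s*script\b|\bon(?:error|load|click)\s*=|javascript:")),
]
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
SITE_ORIGIN = "https://shop.example"  # assumed origin of the protected application


def normalize(value):
    """Parsing step: decode up to three times so signatures see the plain form."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(method, url, headers, body=""):
    """Return (action, matched_rule_ids) for one request."""
    hits = []
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for _name, value in params:
        text = normalize(value)
        hits += [rule_id for rule_id, pattern in SIGNATURES if pattern.search(text)]
    # Rule-based logic: a state-changing request sent from another origin is treated as CSRF.
    origin = headers.get("Origin")
    if method.upper() in STATE_CHANGING and origin and origin != SITE_ORIGIN:
        hits.append("csrf-origin")
    return ("block" if hits else "allow", sorted(set(hits)))


# Constructed sample requests: (method, url, headers, body)
SAMPLES = [
    ("GET", "/search?q=laptop+bag", {}, ""),
    ("GET", "/item?id=1%27%20OR%20%271%27%3D%271", {}, ""),
    ("GET", "/search?q=%253Cscript%253Ealert(1)", {}, ""),
    ("POST", "/account/email", {"Origin": "https://other.example"}, "email=a%40b.example"),
    ("POST", "/account/email", {"Origin": SITE_ORIGIN}, "email=a%40b.example"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], inspect(*sample))
```

Changing policy in this sketch means editing SIGNATURES or SITE_ORIGIN only, with no change to the protected application, which is the policy-management property the text describes.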