Application protection
A Web Application Firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP/S traffic to and from web services and applications. By inspecting HTTP/S traffic, the system can prevent attacks using known web application vulnerabilities, such as SQL injection, Cross Site Scripting (XSS), system misconfiguration, etc.
The WAF solution should be used as a “web application-level security solution” that does not depend on the application itself. This allows it to ensure relatively reliable protection even in the case of mistakes made by developers and administrators of web servers. It also offers the ability to be used as an enforcement point for the security policy defined between web applications and their users.
It can be a virtual or physical machine that prevents external threats from exploiting vulnerabilities in web applications. The remediation of flaws in the code of WEB-servers is done through special configurations of sets of rules, also known as policies.
Web application firewalls are used in combination with other network perimeter security solutions, such as network firewalls and intrusion prevention systems, to provide a comprehensive security strategy. They use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks.
The Open Web Application Security Project (OWASP) maintains a list of the ten most dangerous web application security vulnerabilities, and all commercial WAF offerings must provide protection against their exploitation.