What is WAF?
A web application firewall (WAF) protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. … With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.
Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic. Today, threat vectors are being introduced at all layers of the network. For example, the Slowloris and HTTP Flood attacks are Layer 7 attacks…a traditional network firewall would never stop these attacks. But, nonetheless, your application would still go down if/when it gets hit by one of these. It’s important to defend your network with more than just a traditional Layer 3-4 firewall. That’s where a Web Application Firewall (WAF) comes in. In this video, John outlines what a WAF is and why your web application needs one.