A WAF is an application firewall dedicated for web applications. There are multiple approaches how to implement a WAF depending on scenario and requirements.
A WAF security solution is normally used for securing web applications in order to protect against attacks on the application layer. It filters bad requests that exploit typical application programming errors as application weaknesses or other vulnerabilities on the application platform or underlying system.
A WAF would actually not be needed in the ideal world as secure applications would be developed in the first place. However, application security is difficult to achieve for various reasons. Furthermore it is difficult to achieve the same security level for all external facing web applications. A WAF is able to catch these shortcomings and lift the security level for all applications behind it.
Another important WAF business case is to implement virtual patching on the WAF instead of patching them in the application. This is especially important for large environments because it allows the application teams to buy precious time and schedule such application changes in an orderly way within the application development cycle. Otherwise, the teams would be constantly overflown with emergency changes every time when a new vulnerability is discovered.
2016/02/05 © ACROSEC Inc.
← What is a WAF?