Web Application Firewall (WAF)

A web application firewall (WAF) protects web application servers and infrastructure from attacks and breaches originating from the Internet and external networks. It is a purpose-built firewall that can be customized to accept and reject HTTP requests and sessions using predefined rules.

A WAF protects web applications from a variety of application-layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks on apps are the leading cause of breaches; they are the gateway to your valuable data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.

A WAF is usually deployed between the web servers and the Internet. It is typically a standalone device with a pre-installed, vendor-provided firewall application. It filters each incoming and outgoing message. Once configured with rules for known malicious HTTP-based attacks, the web application firewall scans for and stops such messages and requests.
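
The rule-based accept/reject decision described above, as an added Python example (not code from the original page or from any WAF product): incoming requests are decoded and matched against predefined rules, and cookies signed on the way out are verified on the way back in to catch cookie poisoning. The rule IDs, patterns, signing key and request dictionary layout are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import unquote_plus

COOKIE_KEY = b"constructed-demo-key"  # assumption: secret known only to the WAF

# Predefined rules (constructed for illustration, far from a full rule set).
RULES = [
    ("XSS-001", re.compile(r"<\s*script\b|<[^>]*\bon\w+\s*=|javascript:", re.I)),
    ("SQLI-001", re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

def _mac(value):
    return hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()

def sign_cookie(value):
    """Outgoing response: append an HMAC so later tampering is detectable."""
    return f"{value}.{_mac(value)}"

def cookie_intact(signed):
    value, _, mac = signed.rpartition(".")  # incoming: verify sign_cookie()'s HMAC
    return hmac.compare_digest(mac.encode(), _mac(value).encode())

def normalize(text):
    return unquote_plus(unquote_plus(text))  # decode twice: catches double encoding

def inspect_request(request):
    """Return ("block", rule_id) for the first rule hit, else ("allow", None)."""
    for cookie in request.get("cookies", {}).values():
        if not cookie_intact(cookie):
            return ("block", "COOKIE-001")
    for field in ("path", "query", "body"):
        decoded = normalize(request.get(field, ""))
        for rule_id, pattern in RULES:
            if pattern.search(decoded):
                return ("block", rule_id)
    return ("allow", None)

# Constructed sample traffic.
SESSION = sign_cookie("role=user")
BENIGN = {"path": "/search", "query": "q=firewall&page=2", "cookies": {"s": SESSION}}
ENCODED_XSS = {"path": "/search", "query": "q=%253Cscript%253Ealert(1)%253C/script%253E"}
SQLI = {"path": "/item", "query": "id=1%27+OR+1%3D1"}
TAMPERED = {"path": "/admin", "cookies": {"s": SESSION.replace("user", "admin")}}

if __name__ == "__main__":
    for req in (BENIGN, ENCODED_XSS, SQLI, TAMPERED):
        print(req["path"], inspect_request(req))
```

Pattern rules like these miss novel encodings and can flag legitimate input, which is why the rule set has to be customized for the application it fronts.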