Web Application Firewall
(WAF)
WAF is a specific form of application firewall that filters, monitors, and blocks https traffic to and from a web service. By inspecting https traffic, it can prevent attacks exploiting a web application's known vulnerabilities.
A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (https) traffic – detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which – from a technical point of view – does not depend on the application itself.”
In other words, a WAF can be a virtual or physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design.
